diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-10 16:03:19 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-10 16:03:19 +0000 |
commit | 76dfb6931697743b0416d54f907193e7cfda2c79 (patch) | |
tree | 8860d48835313b2cb48265b12e195dae7a2dd92a | |
parent | a6be63d15ff61440eb5260f4829f96fc2b5e8b77 (diff) | |
parent | 4f1dc64623c97da5d6b3e0b9fcab5a6b152f0922 (diff) | |
download | cts-76dfb6931697743b0416d54f907193e7cfda2c79.tar.gz |
Snap for 9157512 from 4f1dc64623c97da5d6b3e0b9fcab5a6b152f0922 to mainline-tzdata3-releaseaml_tz3_312410020aml_tz3_312410010
Change-Id: Ia60b07413cfe8be61373f1095ee018983ac6a700
358 files changed, 8274 insertions, 1786 deletions
diff --git a/apps/MainlineModuleDetector/Android.mk b/apps/MainlineModuleDetector/Android.mk deleted file mode 100644 index a0ccc3cfe7a..00000000000 --- a/apps/MainlineModuleDetector/Android.mk +++ /dev/null @@ -1,40 +0,0 @@ -# -# Copyright (C) 2019 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -LOCAL_PATH:= $(call my-dir) -include $(CLEAR_VARS) - -LOCAL_MODULE_TAGS := optional - -LOCAL_MODULE_PATH := $(TARGET_OUT_DATA_APPS) - -LOCAL_STATIC_JAVA_LIBRARIES := compatibility-device-util-axt - -# Disable dexpreopt and <uses-library> check for test. -LOCAL_ENFORCE_USES_LIBRARIES := false -LOCAL_DEX_PREOPT := false - -LOCAL_SRC_FILES := $(call all-java-files-under, src) - -LOCAL_PACKAGE_NAME := MainlineModuleDetector -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 -LOCAL_LICENSE_CONDITIONS := notice - -LOCAL_SDK_VERSION := current - -LOCAL_COMPATIBILITY_SUITE := cts general-tests sts - -include $(BUILD_CTS_PACKAGE) diff --git a/apps/MainlineModuleDetector/OWNERS b/apps/MainlineModuleDetector/OWNERS deleted file mode 100644 index 8f076a82482..00000000000 --- a/apps/MainlineModuleDetector/OWNERS +++ /dev/null @@ -1,3 +0,0 @@ -# Bug component: 195645 -manjaepark@google.com -mspector@google.com
\ No newline at end of file diff --git a/apps/MainlineModuleDetector/src/com/android/cts/mainlinemoduledetector/MainlineModuleDetector.java b/apps/MainlineModuleDetector/src/com/android/cts/mainlinemoduledetector/MainlineModuleDetector.java deleted file mode 100644 index 01c02c774cd..00000000000 --- a/apps/MainlineModuleDetector/src/com/android/cts/mainlinemoduledetector/MainlineModuleDetector.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.android.cts.mainlinemoduledetector; - -import android.app.Activity; -import android.content.pm.PackageManager; -import android.os.Bundle; -import android.util.Log; - -import com.android.compatibility.common.util.mainline.MainlineModule; -import com.android.compatibility.common.util.mainline.ModuleDetector; - -import java.util.HashSet; -import java.util.Set; - -public class MainlineModuleDetector extends Activity { - - private static final String LOG_TAG = "MainlineModuleDetector"; - - @Override - public void onCreate(Bundle savedInstanceState) { - super.onCreate(savedInstanceState); - try { - PackageManager pm = getApplicationContext().getPackageManager(); - Set<MainlineModule> modules = ModuleDetector.getPlayManagedModules(pm); - Set<String> moduleNames = new HashSet<>(); - for (MainlineModule module : modules) { - moduleNames.add(module.packageName); - } - Log.i(LOG_TAG, "Play managed modules are: <" + String.join(",", moduleNames) + ">"); - } catch (Exception e) { - Log.e(LOG_TAG, "Failed to retrieve modules.", e); - } - this.finish(); - } -} diff --git a/hostsidetests/media/bitstreams/AndroidTest.xml b/hostsidetests/media/bitstreams/AndroidTest.xml index 070b44ddcf3..c07fa07eb9e 100644 --- a/hostsidetests/media/bitstreams/AndroidTest.xml +++ b/hostsidetests/media/bitstreams/AndroidTest.xml @@ -25,6 +25,11 @@ <option name="dynamic-config-name" value="cts-dynamic-config" /> <option name="version" value="9.0_r1"/> </target_preparer> + <target_preparer class="com.android.compatibility.common.tradefed.targetprep.DynamicConfigPusher"> + <option name="target" value="device" /> + <option name="config-filename" value="CtsMediaBitstreamsTestCases" /> + <option name="version" value="9.0_r1"/> + </target_preparer> <target_preparer class="com.android.compatibility.common.tradefed.targetprep.MediaPreparer"> <option name="media-download-only" value="true" /> </target_preparer> @@ -32,11 +37,6 @@ <option name="cleanup-apks" value="true" /> <option name="test-file-name" value="CtsMediaBitstreamsDeviceSideTestApp.apk" /> </target_preparer> - <target_preparer class="com.android.compatibility.common.tradefed.targetprep.DynamicConfigPusher"> - <option name="target" value="device" /> - <option name="config-filename" value="CtsMediaBitstreamsTestCases" /> - <option name="version" value="9.0_r1"/> - </target_preparer> <target_preparer class="com.android.compatibility.common.tradefed.targetprep.ReportLogCollector"> <option name="src-dir" value="/sdcard/report-log-files/"/> <option name="dest-dir" value="report-log-files/"/> diff --git a/hostsidetests/securitybulletin/Android.bp b/hostsidetests/securitybulletin/Android.bp index 7770ebde437..ec98710e6c1 100644 --- a/hostsidetests/securitybulletin/Android.bp +++ b/hostsidetests/securitybulletin/Android.bp @@ -23,7 +23,6 @@ java_test_host { java_resource_dirs: ["res"], // tag this module as a cts test artifact test_suites: [ - "cts", "general-tests", "sts", ], @@ -38,6 +37,7 @@ java_test_host { cc_defaults { name: "cts_hostsidetests_securitybulletin_defaults", + auto_gen_config: false, compile_multilib: "both", multilib: { lib32: { @@ -54,7 +54,6 @@ cc_defaults { }, }, test_suites: [ - "cts", "sts", "general-tests", ], diff --git a/hostsidetests/securitybulletin/res/cve_2021_39623.ogg b/hostsidetests/securitybulletin/res/cve_2021_39623.ogg Binary files differnew file mode 100644 index 00000000000..1992a17f915 --- /dev/null +++ b/hostsidetests/securitybulletin/res/cve_2021_39623.ogg diff --git a/hostsidetests/securitybulletin/res/cve_2022_22082.dsf b/hostsidetests/securitybulletin/res/cve_2022_22082.dsf Binary files differnew file mode 100644 index 00000000000..60d1a5afbbc --- /dev/null +++ b/hostsidetests/securitybulletin/res/cve_2022_22082.dsf diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/Android.bp new file mode 100644 index 00000000000..50662fdeae6 --- /dev/null +++ b/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/Android.bp @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +cc_test { + name: "CVE-2021-39623", + defaults: ["cts_hostsidetests_securitybulletin_defaults"], + srcs: [ + "poc.cpp", + ], + header_libs: [ + "libmediametrics_headers", + ], + shared_libs: [ + "libstagefright", + "libdatasource", + "libutils", + ], +} diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/poc.cpp new file mode 100644 index 00000000000..d9e38baa633 --- /dev/null +++ b/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/poc.cpp @@ -0,0 +1,99 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "../includes/common.h" +#include <datasource/DataSourceFactory.h> +#include <dlfcn.h> +#include <gui/SurfaceComposerClient.h> +#include <media/IMediaHTTPService.h> +#include <media/stagefright/InterfaceUtils.h> +#include <media/stagefright/MediaCodecList.h> +#include <media/stagefright/MediaExtractorFactory.h> +#include <media/stagefright/SimpleDecodingSource.h> +#include <sys/mman.h> + +typedef void *(*mmap_t)(void *, size_t, int, int, int, off_t); +mmap_t real_mmap = nullptr; + +using namespace android; + +bool testInProgress = false; +constexpr size_t kTargetBufferSize = 32768; +struct sigaction new_action, old_action; +void sigsegv_handler(int signum, siginfo_t *info, void *context) { + if (testInProgress && info->si_signo == SIGSEGV) { + (*old_action.sa_sigaction)(signum, info, context); + return; + } + exit(EXIT_FAILURE); +} + +void *mmap(void *addr, size_t length, int prot, int flags, int fd, + off_t offset) { + real_mmap = (mmap_t)dlsym(RTLD_NEXT, "mmap"); + if (!real_mmap) { + exit(EXIT_FAILURE); + } + if (length == kTargetBufferSize) { + char *tmp_ptr = (char *)real_mmap(addr, length + PAGE_SIZE, prot, + flags | MAP_ANONYMOUS, -1, offset); + mprotect(tmp_ptr + length, PAGE_SIZE, PROT_NONE); + return tmp_ptr; + } + return real_mmap(addr, length, prot, flags, fd, offset); +} + +int main(int argc, char **argv) { + FAIL_CHECK(argc > 1); + sigemptyset(&new_action.sa_mask); + new_action.sa_flags = SA_SIGINFO; + new_action.sa_sigaction = sigsegv_handler; + sigaction(SIGSEGV, &new_action, &old_action); + + sp<DataSource> dataSource = DataSourceFactory::getInstance()->CreateFromURI( + nullptr /* httpService */, argv[1]); + FAIL_CHECK(dataSource); + + sp<IMediaExtractor> extractor = MediaExtractorFactory::Create(dataSource); + FAIL_CHECK(extractor); + + sp<MediaSource> mediaSource = + CreateMediaSourceFromIMediaSource(extractor->getTrack(0)); + FAIL_CHECK(mediaSource); + + sp<MediaSource> rawSource = SimpleDecodingSource::Create( + mediaSource, MediaCodecList::kPreferSoftwareCodecs, nullptr, nullptr, + false); + FAIL_CHECK(rawSource); + + status_t err = rawSource->start(); + FAIL_CHECK(err == OK); + + MediaSource::ReadOptions options = {}; + MediaBufferBase *buffer = nullptr; + + testInProgress = true; + rawSource->read(&buffer, &options); + testInProgress = false; + if (buffer) { + buffer->release(); + buffer = nullptr; + } + options.clearSeekTo(); + options.setSeekTo(0); + rawSource->stop(); + return EXIT_SUCCESS; +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java b/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java index c8e8cbfe049..bef0e9a7558 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java @@ -23,6 +23,7 @@ import com.android.compatibility.common.util.ResultUnit; import com.android.ddmlib.IShellOutputReceiver; import com.android.ddmlib.NullOutputReceiver; import com.android.ddmlib.CollectingOutputReceiver; +import com.android.sts.common.tradefed.testtype.SecurityTestCase; import com.android.tradefed.device.DeviceNotAvailableException; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.device.NativeDevice; @@ -261,48 +262,6 @@ public class AdbUtils { } /** - * Enables malloc debug on a given process. - * - * @param processName the name of the process to run with libc malloc debug - * @param device the device to use - * @return true if enabling malloc debug succeeded - */ - public static boolean enableLibcMallocDebug(String processName, ITestDevice device) throws Exception { - device.executeShellCommand("setprop libc.debug.malloc.program " + processName); - device.executeShellCommand("setprop libc.debug.malloc.options \"backtrace guard\""); - /** - * The pidof command is being avoided because it does not exist on versions before M, and - * it behaves differently between M and N. - * Also considered was the ps -AoPID,CMDLINE command, but ps does not support options on - * versions before O. - * The [^]] prefix is being used for the grep command to avoid the case where the output of - * ps includes the grep command itself. - */ - String cmdOut = device.executeShellCommand("ps -A | grep '[^]]" + processName + "'"); - /** - * .hasNextInt() checks if the next token can be parsed as an integer, not if any remaining - * token is an integer. - * Example command: $ ps | fgrep mediaserver - * Out: media 269 1 77016 24416 binder_thr 00f35142ec S /system/bin/mediaserver - * The second field of the output is the PID, which is needed to restart the process. - */ - Scanner s = new Scanner(cmdOut).useDelimiter("\\D+"); - if(!s.hasNextInt()) { - CLog.w("Could not find pid for process: " + processName); - return false; - } - - String result = device.executeShellCommand("kill -9 " + s.nextInt()); - if(!result.equals("")) { - CLog.w("Could not restart process: " + processName); - return false; - } - - TimeUnit.SECONDS.sleep(1); - return true; - } - - /** * Pushes and installs an apk to the selected device * * @param pathToApk a string path to apk from the /res folder diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182282630.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182282630.java index 0822c75c100..6a259b4e744 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182282630.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182282630.java @@ -16,19 +16,20 @@ package android.security.cts; -import static org.junit.Assume.assumeTrue; import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Before; +import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; - @RunWith(DeviceJUnit4ClassRunner.class) -public final class Bug_182282630 extends SecurityTestCase { +public final class Bug_182282630 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.BUG_182282630"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "BUG-182282630.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182808318.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182808318.java index 57e26353662..52f680efe13 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182808318.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182808318.java @@ -21,14 +21,15 @@ import static org.junit.Assume.assumeTrue; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Before; +import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; - @RunWith(DeviceJUnit4ClassRunner.class) -public final class Bug_182808318 extends SecurityTestCase { +public final class Bug_182808318 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.BUG_182808318"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "BUG-182808318.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182810085.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182810085.java new file mode 100644 index 00000000000..b461fae5608 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182810085.java @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class Bug_182810085 extends NonRootSecurityTestCase { + private static final String TEST_PKG = "android.security.cts.BUG_182810085"; + private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; + private static final String TEST_APP = "BUG-182810085.apk"; + + @Before + public void setUp() throws Exception { + assumeTrue( + "not an Automotive device", + getDevice().hasFeature("feature:android.hardware.type.automotive")); + uninstallPackage(getDevice(), TEST_PKG); + } + + @Test + @AsbSecurityTest(cveBugId = 182810085) + public void testRunDeviceTestsPassesFull() throws Exception { + installPackage(TEST_APP); + // Grant permission to draw overlays. + getDevice().executeShellCommand( + "pm grant " + TEST_PKG + " android.permission.SYSTEM_ALERT_WINDOW"); + assertTrue(runDeviceTests(TEST_PKG, TEST_CLASS, "testTapjacking")); + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183410508.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183410508.java index e3dd727793c..1295a85f1a9 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183410508.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183410508.java @@ -16,19 +16,20 @@ package android.security.cts; -import static org.junit.Assume.assumeTrue; import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Before; +import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; - @RunWith(DeviceJUnit4ClassRunner.class) -public final class Bug_183410508 extends SecurityTestCase { +public final class Bug_183410508 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.BUG_183410508"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "BUG-183410508.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411210.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411210.java index d59fce4e74f..fac7d0e8f61 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411210.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411210.java @@ -21,6 +21,7 @@ import static org.junit.Assume.assumeTrue; import android.platform.test.annotations.AsbSecurityTest; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; import org.junit.Before; @@ -28,7 +29,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public final class Bug_183411210 extends SecurityTestCase { +public final class Bug_183411210 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.BUG_183411210"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "BUG-183411210.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411279.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411279.java index df7556c45b3..bbcd64c16fd 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411279.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411279.java @@ -16,19 +16,20 @@ package android.security.cts; -import static org.junit.Assume.assumeTrue; import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Before; +import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; - @RunWith(DeviceJUnit4ClassRunner.class) -public final class Bug_183411279 extends SecurityTestCase { +public final class Bug_183411279 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.BUG_183411279"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "BUG-183411279.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183613671.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183613671.java index 75bbd0ac298..f0b6568d57e 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183613671.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183613671.java @@ -23,10 +23,10 @@ import org.junit.Test; import org.junit.Before; import org.junit.runner.RunWith; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; @RunWith(DeviceJUnit4ClassRunner.class) -public final class Bug_183613671 extends StsExtraBusinessLogicHostTestBase { +public final class Bug_183613671 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.BUG_183613671"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "BUG-183613671.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183794206.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183794206.java index 73cfdb9762d..8045838cfb1 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183794206.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183794206.java @@ -16,19 +16,20 @@ package android.security.cts; -import static org.junit.Assume.assumeTrue; import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Before; +import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; - @RunWith(DeviceJUnit4ClassRunner.class) -public final class Bug_183794206 extends SecurityTestCase { +public final class Bug_183794206 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.BUG_183794206"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "BUG-183794206.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183963253.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183963253.java index adf6103043a..7b183b387d9 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183963253.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183963253.java @@ -25,10 +25,10 @@ import org.junit.Before; import org.junit.runner.RunWith; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; @RunWith(DeviceJUnit4ClassRunner.class) -public final class Bug_183963253 extends StsExtraBusinessLogicHostTestBase { +public final class Bug_183963253 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.BUG_183963253"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "BUG-183963253.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_187957589.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_187957589.java index 84ae1149b3c..5580acb598f 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_187957589.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_187957589.java @@ -15,15 +15,19 @@ */ package android.security.cts; + import static org.junit.Assume.assumeFalse; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Bug_187957589 extends SecurityTestCase { +public class Bug_187957589 extends NonRootSecurityTestCase { /** * b/187957589 * Vulnerability Behaviour: out of bounds write in noteAtomLogged for negative atom ids. diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_2182.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_2182.java index 4ee8a5e1833..a4b8506aed2 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_2182.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_2182.java @@ -15,15 +15,20 @@ */ package android.security.cts; + +import static org.junit.Assume.assumeFalse; + import android.platform.test.annotations.AsbSecurityTest; + +import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.compatibility.common.util.CrashUtils; -import static org.junit.Assume.assumeFalse; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2016_2182 extends SecurityTestCase { +public class CVE_2016_2182 extends NonRootSecurityTestCase { /** * b/32096880 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_8332.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_8332.java index 462864bf719..21057e216ab 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_8332.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_8332.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2016_8332 extends SecurityTestCase { +public class CVE_2016_8332 extends NonRootSecurityTestCase { /** * b/37761553 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0684.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0684.java index 02675513dc3..91766f8ee06 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0684.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0684.java @@ -15,13 +15,17 @@ */ package android.security.cts; + import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2017_0684 extends SecurityTestCase { +public class CVE_2017_0684 extends NonRootSecurityTestCase { /** * b/35421151 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0726.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0726.java index 4f08b711fda..397078d08ff 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0726.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0726.java @@ -15,13 +15,17 @@ */ package android.security.cts; + import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2017_0726 extends SecurityTestCase { +public class CVE_2017_0726 extends NonRootSecurityTestCase { /** * b/36389123 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_13194.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_13194.java index 62c72f2067e..bd69afb4e57 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_13194.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_13194.java @@ -15,16 +15,20 @@ */ package android.security.cts; -import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; import static org.junit.Assert.*; import static org.junit.Assume.*; +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2017_13194 extends SecurityTestCase { +public class CVE_2017_13194 extends NonRootSecurityTestCase { /** * b/64710201 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9410.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9410.java index 0990cd448ec..f67c556e4df 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9410.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9410.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9410 extends SecurityTestCase { +public class CVE_2018_9410 extends NonRootSecurityTestCase { /** * b/77822336 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9537.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9537.java index df360d0d1d0..d58b3c39991 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9537.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9537.java @@ -17,13 +17,16 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import org.junit.runner.RunWith; + import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9537 extends SecurityTestCase { +public class CVE_2018_9537 extends NonRootSecurityTestCase { /** * b/112891564 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9547.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9547.java index 1bb5e0a4679..f4a91b43485 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9547.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9547.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9547 extends SecurityTestCase { +public class CVE_2018_9547 extends NonRootSecurityTestCase { /** * b/114223584 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9549.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9549.java index bf2b0d1d3f9..1db523b4d1a 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9549.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9549.java @@ -17,13 +17,16 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import org.junit.runner.RunWith; + import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9549 extends SecurityTestCase { +public class CVE_2018_9549 extends NonRootSecurityTestCase { /** * b/112160868 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9558.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9558.java index b127c851d70..257d5784521 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9558.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9558.java @@ -21,15 +21,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9558 extends SecurityTestCase { +public class CVE_2018_9558 extends NonRootSecurityTestCase { /** * b/112161557 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9561.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9561.java index ceeb117a52b..d8027c08248 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9561.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9561.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9561 extends SecurityTestCase { +public class CVE_2018_9561 extends NonRootSecurityTestCase { /** * b/111660010 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9563.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9563.java index 09d391ed758..22f1c97aa3d 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9563.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9563.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9563 extends SecurityTestCase { +public class CVE_2018_9563 extends NonRootSecurityTestCase { /** * b/114237888 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9564.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9564.java index 6e4d588205a..cafea318d8c 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9564.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9564.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9564 extends SecurityTestCase { +public class CVE_2018_9564 extends NonRootSecurityTestCase { /** * b/114238578 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9584.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9584.java index ab18f52e21f..02c470b6a7d 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9584.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9584.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.tradefed.device.ITestDevice; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9584 extends SecurityTestCase { +public class CVE_2018_9584 extends NonRootSecurityTestCase { /** * b/114047681 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9585.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9585.java index 4f3a3bf1e66..8c24f9d51bf 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9585.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9585.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.tradefed.device.ITestDevice; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9585 extends SecurityTestCase { +public class CVE_2018_9585 extends NonRootSecurityTestCase { /** * b/117554809 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9593.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9593.java index e899b7ae9e9..fb300c4b9bd 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9593.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9593.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9593 extends SecurityTestCase { +public class CVE_2018_9593 extends NonRootSecurityTestCase { /** * b/116722267 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9594.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9594.java index d6e8fb59c0e..d196681d95b 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9594.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9594.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2018_9594 extends SecurityTestCase { +public class CVE_2018_9594 extends NonRootSecurityTestCase { /** * b/116791157 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2007.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2007.java index 826db694646..6f4c33bfcdd 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2007.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2007.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2007 extends SecurityTestCase { +public class CVE_2019_2007 extends NonRootSecurityTestCase { /** * b/120789744 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2011.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2011.java index 373703e3171..9fe5cb4ff8f 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2011.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2011.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.tradefed.device.ITestDevice; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2011 extends SecurityTestCase { +public class CVE_2019_2011 extends NonRootSecurityTestCase { /** * b/120084106 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2012.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2012.java index 181d660df48..1b4a4a7d364 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2012.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2012.java @@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2012 extends SecurityTestCase { +public class CVE_2019_2012 extends NonRootSecurityTestCase { /** * b/120497437 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2013.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2013.java index 0ac72b2b52a..caaa463ab32 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2013.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2013.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.tradefed.device.ITestDevice; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2013 extends SecurityTestCase { +public class CVE_2019_2013 extends NonRootSecurityTestCase { /** * b/120497583 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2014.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2014.java index e6863ac86a7..b54d767a91b 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2014.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2014.java @@ -17,13 +17,16 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2014 extends SecurityTestCase { +public class CVE_2019_2014 extends NonRootSecurityTestCase { /** * b/120499324 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2015.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2015.java index 1a798c2199e..bf46c60e611 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2015.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2015.java @@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2015 extends SecurityTestCase { +public class CVE_2019_2015 extends NonRootSecurityTestCase { /** * b/120503926 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2017.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2017.java index b7c2ea8fab3..b1a1b54581f 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2017.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2017.java @@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2017 extends SecurityTestCase { +public class CVE_2019_2017 extends NonRootSecurityTestCase { /** * b/121035711 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java index 1c5a180e64e..448611fbb4e 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2019 extends SecurityTestCase { +public class CVE_2019_2019 extends NonRootSecurityTestCase { /** * b/115635871 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2020.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2020.java index b65faeef587..9ea384649f9 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2020.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2020.java @@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2020 extends SecurityTestCase { +public class CVE_2019_2020 extends NonRootSecurityTestCase { /** * b/116788646 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2021.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2021.java index 8d0d4d65909..b2fd563b5fd 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2021.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2021.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2021 extends SecurityTestCase { +public class CVE_2019_2021 extends NonRootSecurityTestCase { /** * b/120428041 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2022.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2022.java index 057e937e868..e60f0ba8918 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2022.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2022.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2022 extends SecurityTestCase { +public class CVE_2019_2022 extends NonRootSecurityTestCase { /** * b/120506143 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2027.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2027.java index df6c6f4b6b2..ad289bf43b9 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2027.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2027.java @@ -17,13 +17,16 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import org.junit.runner.RunWith; + import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2027 extends SecurityTestCase { +public class CVE_2019_2027 extends NonRootSecurityTestCase { /** * b/119120561 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2031.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2031.java index 21b22856fcc..dc941865c22 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2031.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2031.java @@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2031 extends SecurityTestCase { +public class CVE_2019_2031 extends NonRootSecurityTestCase { /** * b/120502559 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2035.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2035.java index 8757455e954..a6435617a6a 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2035.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2035.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2035 extends SecurityTestCase { +public class CVE_2019_2035 extends NonRootSecurityTestCase { /** * b/122320256 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2038.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2038.java index 4fe01646da1..46c0eb4b7e8 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2038.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2038.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2038 extends SecurityTestCase { +public class CVE_2019_2038 extends NonRootSecurityTestCase { /** * b/121259048 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2039.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2039.java index 63903409371..f411ae1bcd2 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2039.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2039.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2039 extends SecurityTestCase { +public class CVE_2019_2039 extends NonRootSecurityTestCase { /** * b/121260197 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2040.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2040.java index 6c6d2394329..062248a931d 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2040.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2040.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2040 extends SecurityTestCase { +public class CVE_2019_2040 extends NonRootSecurityTestCase { /** * b/122316913 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2044.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2044.java index e36c46f7974..a3f6307be76 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2044.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2044.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2044 extends SecurityTestCase { +public class CVE_2019_2044 extends NonRootSecurityTestCase { /** * b/123701862 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2099.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2099.java index 16487a30037..ab2517dd82a 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2099.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2099.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.tradefed.device.ITestDevice; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2099 extends SecurityTestCase { +public class CVE_2019_2099 extends NonRootSecurityTestCase { /** * b/123583388 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2115.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2115.java index 1f3552c31ec..6aee640344b 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2115.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2115.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.tradefed.device.ITestDevice; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2115 extends SecurityTestCase { +public class CVE_2019_2115 extends NonRootSecurityTestCase { /** * b/129768470 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2135.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2135.java index fe06a736bf6..cc9e24d61b1 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2135.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2135.java @@ -16,15 +16,16 @@ package android.security.cts; -import com.android.tradefed.device.ITestDevice; - import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2135 extends SecurityTestCase { +public class CVE_2019_2135 extends NonRootSecurityTestCase { /** * b/125900276 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2136.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2136.java index 91b20000241..cc50bb74e23 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2136.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2136.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.tradefed.device.ITestDevice; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2136 extends SecurityTestCase { +public class CVE_2019_2136 extends NonRootSecurityTestCase { /** * b/132650049 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2178.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2178.java index 223e7684b1c..492010b642c 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2178.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2178.java @@ -18,12 +18,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; import android.platform.test.annotations.SecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2178 extends SecurityTestCase { +public class CVE_2019_2178 extends NonRootSecurityTestCase { /** * b/124462242 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2180.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2180.java index 31ab4ce1c17..ae8f7ed9f34 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2180.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2180.java @@ -18,13 +18,14 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2180 extends SecurityTestCase { +public class CVE_2019_2180 extends NonRootSecurityTestCase { /** * b/110899492 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2206.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2206.java index 15fab836dd0..b393d26dec6 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2206.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2206.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2206 extends SecurityTestCase { +public class CVE_2019_2206 extends NonRootSecurityTestCase { /** * b/139188579 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2207.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2207.java index 7ce43c7ad1a..1951c67d3ce 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2207.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2207.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_2207 extends SecurityTestCase { +public class CVE_2019_2207 extends NonRootSecurityTestCase { /** * b/124524315 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_9247.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_9247.java index dbd7cc8426d..fe3ff06afdf 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_9247.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_9247.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.tradefed.device.ITestDevice; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2019_9247 extends SecurityTestCase { +public class CVE_2019_9247 extends NonRootSecurityTestCase { /** * b/120426166 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0006.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0006.java index 58a24499b95..282a677f2ea 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0006.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0006.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.tradefed.device.ITestDevice; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0006 extends SecurityTestCase { +public class CVE_2020_0006 extends NonRootSecurityTestCase { /** * b/139738828 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0015.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0015.java index 3aa0474a422..32a1e6ce404 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0015.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0015.java @@ -23,13 +23,13 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0015 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2020_0015 extends NonRootSecurityTestCase { @AppModeFull @AsbSecurityTest(cveBugId = 139017101) diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0018.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0018.java index 1207d1abd74..f2d934878bd 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0018.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0018.java @@ -16,21 +16,25 @@ package android.security.cts; +import static org.hamcrest.CoreMatchers.not; +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.*; +import static org.junit.Assume.*; +import static org.junit.matchers.JUnitMatchers.containsString; + import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.device.ITestDevice; -import java.util.Scanner; -import static org.hamcrest.core.Is.is; -import static org.hamcrest.CoreMatchers.not; -import static org.junit.Assert.*; -import static org.junit.Assume.*; -import static org.junit.matchers.JUnitMatchers.containsString; +import java.util.Scanner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0018 extends SecurityTestCase { +public class CVE_2020_0018 extends NonRootSecurityTestCase { /** * b/139945049 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0034.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0034.java index 6689459f68a..3d054f099d1 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0034.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0034.java @@ -18,17 +18,17 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; +import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.compatibility.common.util.CrashUtils; - import java.util.Arrays; -import java.util.ArrayList; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0034 extends SecurityTestCase { +public class CVE_2020_0034 extends NonRootSecurityTestCase { /** * b/62458770 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0037.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0037.java index 3a87304a91f..8e913fa5e4c 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0037.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0037.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.device.ITestDevice; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0037 extends SecurityTestCase { +public class CVE_2020_0037 extends NonRootSecurityTestCase { /** * b/143106535 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0038.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0038.java index c197972af7a..32394824f74 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0038.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0038.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.device.ITestDevice; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0038 extends SecurityTestCase { +public class CVE_2020_0038 extends NonRootSecurityTestCase { /** * b/143109193 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0039.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0039.java index 76ce470724b..eaf41411dff 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0039.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0039.java @@ -17,13 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.device.ITestDevice; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0039 extends SecurityTestCase { +public class CVE_2020_0039 extends NonRootSecurityTestCase { /** * b/143155861 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0072.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0072.java index 7c00d842659..83e6b7a17e5 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0072.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0072.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0072 extends SecurityTestCase { +public class CVE_2020_0072 extends NonRootSecurityTestCase { /** * b/147310271 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0073.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0073.java index 04d65f81dbc..c868d47c965 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0073.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0073.java @@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0073 extends SecurityTestCase { +public class CVE_2020_0073 extends NonRootSecurityTestCase { /** * b/147309942 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0226.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0226.java index 614447c9a09..f523d472e03 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0226.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0226.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0226 extends SecurityTestCase { +public class CVE_2020_0226 extends NonRootSecurityTestCase { /** * b/150226994 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0241.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0241.java index 237ed837a3f..a6609a4b26c 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0241.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0241.java @@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - import org.junit.Test; import org.junit.runner.RunWith; +import java.util.regex.Pattern; + @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0241 extends SecurityTestCase { +public class CVE_2020_0241 extends NonRootSecurityTestCase { /** * b/151456667 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0243.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0243.java index 2ba62bfb697..59c7370e823 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0243.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0243.java @@ -17,13 +17,16 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0243 extends SecurityTestCase { +public class CVE_2020_0243 extends NonRootSecurityTestCase { /** * b/151644303 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0338.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0338.java index 2bc254e0724..094eaea3d9c 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0338.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0338.java @@ -19,7 +19,7 @@ package android.security.cts; import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -27,7 +27,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0338 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2020_0338 extends NonRootSecurityTestCase { @AppModeFull @AsbSecurityTest(cveBugId = 123700107) diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0381.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0381.java index 12edb1af319..524f2d60abb 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0381.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0381.java @@ -20,18 +20,19 @@ import static org.junit.Assume.assumeFalse; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; - import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; +import org.junit.Test; +import org.junit.runner.RunWith; + import java.util.Arrays; import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0381 extends SecurityTestCase { +public class CVE_2020_0381 extends NonRootSecurityTestCase { /** * b/150159669 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0383.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0383.java index 72765d64f1f..5bdf01708e5 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0383.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0383.java @@ -20,18 +20,19 @@ import static org.junit.Assume.assumeFalse; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; - import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; +import org.junit.Test; +import org.junit.runner.RunWith; + import java.util.Arrays; import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0383 extends SecurityTestCase { +public class CVE_2020_0383 extends NonRootSecurityTestCase { /** * b/150160279 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0384.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0384.java index 34c66ded007..000e9705f98 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0384.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0384.java @@ -20,18 +20,19 @@ import static org.junit.Assume.assumeFalse; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; - import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; +import org.junit.Test; +import org.junit.runner.RunWith; + import java.util.Arrays; import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0384 extends SecurityTestCase { +public class CVE_2020_0384 extends NonRootSecurityTestCase { /** * b/150159906 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0385.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0385.java index 0f9e7d27dae..b9ba1279d8a 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0385.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0385.java @@ -20,18 +20,19 @@ import static org.junit.Assume.assumeFalse; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; - import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; +import org.junit.Test; +import org.junit.runner.RunWith; + import java.util.Arrays; import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0385 extends SecurityTestCase { +public class CVE_2020_0385 extends NonRootSecurityTestCase { /** * b/150160041 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0420.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0420.java index bff13f3d28e..eac03390ff4 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0420.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0420.java @@ -18,12 +18,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; import android.platform.test.annotations.SecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0420 extends SecurityTestCase { +public class CVE_2020_0420 extends NonRootSecurityTestCase { /** * b/162383705 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java index 27e202cf759..63c812854d2 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java @@ -18,7 +18,7 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -27,7 +27,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0448 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2020_0448 extends NonRootSecurityTestCase { static final String TEST_APP = "CVE-2020-0448.apk"; static final String TEST_PKG = "android.security.cts.CVE_2020_0448"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0458.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0458.java index 84b45a0304c..af8308029a5 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0458.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0458.java @@ -18,13 +18,14 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_0458 extends SecurityTestCase { +public class CVE_2020_0458 extends NonRootSecurityTestCase { /** * b/160265164 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11164.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11164.java index e3f6c262ad0..c9b448f598b 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11164.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11164.java @@ -18,12 +18,15 @@ package android.security.cts; import static org.junit.Assert.*; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_11164 extends SecurityTestCase { +public class CVE_2020_11164 extends NonRootSecurityTestCase { /** * CVE-2020-11164 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11173.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11173.java index a15335aa15c..a68d2e685c3 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11173.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11173.java @@ -1,12 +1,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_11173 extends SecurityTestCase { +public class CVE_2020_11173 extends NonRootSecurityTestCase { /** * CVE-2020-11173 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11282.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11282.java index 9664abff649..c1df440ed92 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11282.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11282.java @@ -4,12 +4,15 @@ import static org.junit.Assert.*; import static org.junit.Assume.*; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_11282 extends SecurityTestCase { +public class CVE_2020_11282 extends NonRootSecurityTestCase { /** * CVE-2020-11282 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java index a285cd37397..a5e655737b9 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java @@ -16,14 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import static org.junit.Assert.*; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_29374 extends SecurityTestCase { +public class CVE_2020_29374 extends NonRootSecurityTestCase { /** * b/174737879 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29661.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29661.java index db50504616d..c02a2eca108 100755 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29661.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29661.java @@ -16,14 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import static org.junit.Assert.*; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2020_29661 extends SecurityTestCase { +public class CVE_2020_29661 extends NonRootSecurityTestCase { /** * b/182917768 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0305.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0305.java index 4b1bc22e33f..9df42ae7cf7 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0305.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0305.java @@ -22,7 +22,7 @@ import android.util.Log; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.After; import org.junit.Assert; @@ -38,7 +38,7 @@ import org.junit.runner.RunWith; * collected from the hostside and reported accordingly. */ @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0305 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0305 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2021_0305"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "CVE-2021-0305.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0313.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0313.java index 2cd9f7a28d4..c85c7325597 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0313.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0313.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0313 extends SecurityTestCase { +public class CVE_2021_0313 extends NonRootSecurityTestCase { /** * b/170968514 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0315.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0315.java index 7487d151c7f..1476e911236 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0315.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0315.java @@ -18,7 +18,7 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -27,25 +27,24 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0315 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0315 extends NonRootSecurityTestCase { static final String TEST_PKG = "android.security.cts.CVE_2021_0315"; - ITestDevice mDevice; @After public void tearDown() throws Exception { - AdbUtils.runCommandLine("input keyevent KEYCODE_BACK", mDevice); + AdbUtils.runCommandLine("input keyevent KEYCODE_BACK", getDevice()); } @AsbSecurityTest(cveBugId = 169763814) @Test public void testPocCVE_2021_0315() throws Exception { - mDevice = getDevice(); - uninstallPackage(mDevice, TEST_PKG); + ITestDevice device = getDevice(); + uninstallPackage(device, TEST_PKG); /* Wake up the screen */ - AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", mDevice); - AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", mDevice); - AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", mDevice); + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); installPackage("CVE-2021-0315.apk"); runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testOverlayButtonPresence"); diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0330.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0330.java index fa4b66b985b..15cdab54d96 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0330.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0330.java @@ -17,13 +17,16 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.compatibility.common.util.CrashUtils; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0330 extends SecurityTestCase { +public class CVE_2021_0330 extends NonRootSecurityTestCase { /** * b/170732441 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0430.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0430.java index 585d19bfbd2..71ce363ba8b 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0430.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0430.java @@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0430 extends SecurityTestCase { +public class CVE_2021_0430 extends NonRootSecurityTestCase { /** * b/178725766 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0439.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0439.java index fb7638c2a9d..6a22748d840 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0439.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0439.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0439 extends SecurityTestCase { +public class CVE_2021_0439 extends NonRootSecurityTestCase { /** * b/174243830 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0441.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0441.java new file mode 100644 index 00000000000..57b9a86c191 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0441.java @@ -0,0 +1,51 @@ +/** + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2021_0441 extends NonRootSecurityTestCase { + static final String TEST_PKG = "android.security.cts.CVE_2021_0441"; + static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; + static final String TEST_APP = "CVE-2021-0441.apk"; + + /** + * b/174495520 + */ + @AsbSecurityTest(cveBugId = 174495520) + @Test + public void testPocCVE_2021_0441() throws Exception { + ITestDevice device = getDevice(); + uninstallPackage(device, TEST_PKG); + + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + installPackage(TEST_APP); + runDeviceTests(TEST_PKG, TEST_CLASS, "testCVE_2021_0441"); + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0473.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0473.java index 1224dc2da2d..90e65c2e338 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0473.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0473.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0473 extends SecurityTestCase { +public class CVE_2021_0473 extends NonRootSecurityTestCase { /** * b/179687208 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0478.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0478.java index a3b1eae7c67..558b0924fbf 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0478.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0478.java @@ -18,13 +18,16 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; import android.platform.test.annotations.SecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0478 extends SecurityTestCase { +public class CVE_2021_0478 extends NonRootSecurityTestCase { /** * b/169255797 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0484.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0484.java index 4d2acacf2ff..05aa43e47c1 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0484.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0484.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0484 extends SecurityTestCase { +public class CVE_2021_0484 extends NonRootSecurityTestCase { /** * b/173720767 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0490.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0490.java index 8f37185a69d..b26e0725ff4 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0490.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0490.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0490 extends SecurityTestCase { +public class CVE_2021_0490 extends NonRootSecurityTestCase { @AsbSecurityTest(cveBugId = 183464868) @Test diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0523.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0523.java index 3e6928853de..91f0b94b322 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0523.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0523.java @@ -20,7 +20,7 @@ import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Assert; import org.junit.Before; @@ -28,7 +28,7 @@ import org.junit.runner.RunWith; import org.junit.Test; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0523 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0523 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.cve_2021_0523"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "CVE-2021-0523.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0586.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0586.java index 5a7ec8d1c24..f775822dfb6 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0586.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0586.java @@ -20,14 +20,14 @@ import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Assert; import org.junit.Before; import org.junit.runner.RunWith; import org.junit.Test; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0586 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0586 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.cve_2021_0586"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "CVE-2021-0586.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0591.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0591.java index eb74b201862..92c64351de4 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0591.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0591.java @@ -21,7 +21,7 @@ import android.platform.test.annotations.AsbSecurityTest; import android.platform.test.annotations.RequiresDevice; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import java.util.regex.Pattern; import org.junit.Assert; import org.junit.Before; @@ -33,7 +33,7 @@ import static org.junit.Assert.assertThat; import static org.junit.Assume.assumeTrue; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0591 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0591 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2021_0591"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0596.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0596.java index 0562b49b756..fecab0cf3e4 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0596.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0596.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import org.junit.runner.RunWith; + import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0596 extends SecurityTestCase { +public class CVE_2021_0596 extends NonRootSecurityTestCase { /** * b/181346550 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0636.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0636.java index d4bbfb3972e..41455a40249 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0636.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0636.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import static org.junit.Assert.*; - @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0636 extends SecurityTestCase { +public class CVE_2021_0636 extends NonRootSecurityTestCase { public void testPocCVE_2021_0636(String mediaFileName) throws Exception { /* diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0642.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0642.java index 29fd2b39bf2..2e1ddda5360 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0642.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0642.java @@ -19,7 +19,7 @@ package android.security.cts; import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -29,7 +29,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0642 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0642 extends NonRootSecurityTestCase { static final String TEST_APP = "CVE-2021-0642.apk"; static final String TEST_PKG = "android.security.cts.cve_2021_0642"; static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0650.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0650.java index e6cd19f1d0b..24505d316a0 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0650.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0650.java @@ -17,14 +17,18 @@ package android.security.cts; +import static org.junit.Assume.*; + import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import org.junit.runner.RunWith; + import org.junit.Test; -import static org.junit.Assume.*; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0650 extends SecurityTestCase { +public class CVE_2021_0650 extends NonRootSecurityTestCase { /** * b/190286685 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0685.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0685.java index 26bba4a6d50..15c59efc97e 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0685.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0685.java @@ -19,14 +19,14 @@ package android.security.cts; import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Assert; import org.junit.Before; import org.junit.runner.RunWith; import org.junit.Test; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0685 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0685 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.cve_2021_0685"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "CVE-2021-0685.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0689.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0689.java index 666f7918718..3bfcae4af64 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0689.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0689.java @@ -17,12 +17,15 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import org.junit.runner.RunWith; + import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0689 extends SecurityTestCase { +public class CVE_2021_0689 extends NonRootSecurityTestCase { /** * b/190188264 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0691.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0691.java index bf261fd0eab..01a3c07160b 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0691.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0691.java @@ -22,7 +22,7 @@ import android.util.Log; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.log.LogUtil.CLog; import org.junit.After; @@ -38,7 +38,7 @@ import static org.hamcrest.CoreMatchers.*; * Test installs sample app and then tries to overwrite *.apk file */ @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0691 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0691 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2021_0691"; private static final String TEST_APP = "CVE-2021-0691.apk"; private static final String DEVICE_TMP_DIR = "/data/local/tmp/"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0693.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0693.java index 2b7ad1452d2..98deb18e315 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0693.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0693.java @@ -19,13 +19,13 @@ package android.security.cts; import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0693 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0693 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2021_0693"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0706.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0706.java index fabaf89437a..9225b561ece 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0706.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0706.java @@ -20,13 +20,13 @@ import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Before; import org.junit.runner.RunWith; import org.junit.Test; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0706 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0706 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2021_0706"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0919.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0919.java index 3ae0303371d..513942520a0 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0919.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0919.java @@ -18,13 +18,16 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0919 extends SecurityTestCase { +public class CVE_2021_0919 extends NonRootSecurityTestCase { /** * b/197336441 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0921.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0921.java index 760c265fe09..94f3b970c57 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0921.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0921.java @@ -20,7 +20,7 @@ import android.platform.test.annotations.AppModeFull; import android.util.Log; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.log.LogUtil.CLog; import org.junit.After; import org.junit.Assert; @@ -30,7 +30,7 @@ import org.junit.runner.RunWith; import static org.junit.Assert.*; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0921 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0921 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2021_0921"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "CVE-2021-0921.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0925.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0925.java index 617658973bb..b3c9717a280 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0925.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0925.java @@ -15,14 +15,18 @@ */ package android.security.cts; + import android.platform.test.annotations.AsbSecurityTest; + import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0925 extends SecurityTestCase { +public class CVE_2021_0925 extends NonRootSecurityTestCase { /** * Vulnerability Behaviour: SIGSEGV in self diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0928.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0928.java index cbf108883a1..d83f26a9529 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0928.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0928.java @@ -23,7 +23,7 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.log.LogUtil.CLog; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Assert; import org.junit.Before; @@ -31,7 +31,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0928 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0928 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2021_0928"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "CVE-2021-0928.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0953.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0953.java index ecb6bdd3cd4..833b93aa854 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0953.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0953.java @@ -19,13 +19,13 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0953 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0953 extends NonRootSecurityTestCase { @AsbSecurityTest(cveBugId = 184046278) @Test diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0954.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0954.java index 5532e4602a4..847feefa489 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0954.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0954.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2021 The Android Open Source Project + * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,43 +16,39 @@ package android.security.cts; -import android.platform.test.annotations.AppModeFull; +import static org.junit.Assume.assumeNoException; + import android.platform.test.annotations.AsbSecurityTest; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.tradefed.testtype.junit4.BaseHostJUnit4Test; -import org.junit.Assert; -import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0954 extends BaseHostJUnit4Test { - private static final String TEST_PKG = "android.security.cts.cve_2021_0954"; - private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; - private static final String TEST_APP = "CVE-2021-0954.apk"; - private ITestDevice device; - - @Before - public void setUp() throws Exception { - device = getDevice(); - uninstallPackage(device, TEST_PKG); - - /* Wake up the screen */ - AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); - AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); - AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); - } +public class CVE_2021_0954 extends NonRootSecurityTestCase { + private static final String TEST_PKG = "android.security.cts.CVE_2021_0954"; - @AppModeFull @AsbSecurityTest(cveBugId = 143559931) @Test public void testPocCVE_2021_0954() throws Exception { - installPackage(TEST_APP); - AdbUtils.runCommandLine("pm grant " + TEST_PKG + " android.permission.SYSTEM_ALERT_WINDOW", - device); - runDeviceTests(TEST_PKG, TEST_CLASS, "testVulnerableActivityPresence"); + try { + ITestDevice device = getDevice(); + uninstallPackage(device, TEST_PKG); + + /* Wake up the screen */ + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + installPackage("CVE-2021-0954.apk"); + AdbUtils.runCommandLine( + "pm grant " + TEST_PKG + " android.permission.SYSTEM_ALERT_WINDOW", device); + runDeviceTests(TEST_PKG, TEST_PKG + "." + "DeviceTest", "testOverlayButtonPresence"); + } catch (Exception e) { + assumeNoException(e); + } } } diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0956.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0956.java index 80fa239bc71..eddde21aacf 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0956.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0956.java @@ -17,14 +17,17 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; + import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0956 extends SecurityTestCase { +public class CVE_2021_0956 extends NonRootSecurityTestCase { /** * b/189942532 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0965.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0965.java index 65934f2741f..b7b0e2bdabc 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0965.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0965.java @@ -21,7 +21,7 @@ import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Assert; import org.junit.Before; @@ -29,7 +29,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_0965 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_0965 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2021_0965"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "CVE-2021-0965.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_1906.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_1906.java index bfa056b2311..9a56b0c1c2c 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_1906.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_1906.java @@ -19,12 +19,15 @@ import static org.junit.Assert.*; import static org.junit.Assume.*; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_1906 extends SecurityTestCase { +public class CVE_2021_1906 extends NonRootSecurityTestCase { /** * CVE-2021-1906 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_30351.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_30351.java index 415e2b1ad93..7b4712f2d5a 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_30351.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_30351.java @@ -15,15 +15,17 @@ */ package android.security.cts; -import android.platform.test.annotations.SecurityTest; +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import android.platform.test.annotations.AsbSecurityTest; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_30351 extends SecurityTestCase { +public class CVE_2021_30351 extends NonRootSecurityTestCase { /** * CVE-2021-30351 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39623.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39623.java new file mode 100644 index 00000000000..aaaa502f934 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39623.java @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.compatibility.common.util.CrashUtils; +import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.Arrays; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2021_39623 extends NonRootSecurityTestCase { + + /** + * b/194105348 + * Vulnerability Behaviour: SIGSEGV in self + * Vulnerable Library: libstagefright (As per AOSP code) + * Vulnerable Function: doRead (As per AOSP code) + */ + @AsbSecurityTest(cveBugId = 194105348) + @Test + public void testPocCVE_2021_39623() throws Exception { + String binaryName = "CVE-2021-39623"; + AdbUtils.pocConfig testConfig = new AdbUtils.pocConfig(binaryName, getDevice()); + testConfig.config = new CrashUtils.Config().setProcessPatterns(binaryName) + .setBacktraceIncludes(new BacktraceFilterPattern("libstagefright", + "android::SimpleDecodingSource::doRead")); + String signals[] = {CrashUtils.SIGSEGV}; + testConfig.config.setSignals(signals); + testConfig.inputFilesDestination = AdbUtils.TMP_PATH; + String inputFiles[] = {"cve_2021_39623.ogg"}; + testConfig.inputFiles = Arrays.asList(inputFiles); + testConfig.arguments = AdbUtils.TMP_PATH + inputFiles[0]; + AdbUtils.runPocAssertNoCrashesNotVulnerable(testConfig); + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39626.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39626.java index 3b12ce5a926..c47ebf119b6 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39626.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39626.java @@ -18,7 +18,7 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -26,7 +26,7 @@ import org.junit.runner.RunWith; import org.junit.Test; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39626 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39626 extends NonRootSecurityTestCase { static final String TEST_APP = "CVE-2021-39626.apk"; static final String TEST_PKG = "android.security.cts.CVE_2021_39626"; static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39664.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39664.java index 6cac004b175..29de04e3d0c 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39664.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39664.java @@ -20,16 +20,17 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; import java.util.Arrays; import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39664 extends SecurityTestCase { +public class CVE_2021_39664 extends NonRootSecurityTestCase { /** * b/203938029 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39665.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39665.java index 519bd242f6a..6b1ae208f7a 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39665.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39665.java @@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39665 extends SecurityTestCase { +public class CVE_2021_39665 extends NonRootSecurityTestCase { /** * b/204077881 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39675.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39675.java index 8f12b522fad..eb2c5ab7d07 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39675.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39675.java @@ -18,13 +18,14 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39675 extends SecurityTestCase { +public class CVE_2021_39675 extends NonRootSecurityTestCase { /** * b/205729183 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39692.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39692.java index 444f1a55a60..f75514208c6 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39692.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39692.java @@ -23,13 +23,13 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39692 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39692 extends NonRootSecurityTestCase { @AppModeFull @AsbSecurityTest(cveBugId = 209611539) diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39700.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39700.java index acc6a2ed00f..63235ecf78b 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39700.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39700.java @@ -23,7 +23,7 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Test; import org.junit.runner.RunWith; @@ -31,7 +31,7 @@ import org.junit.runner.RunWith; import java.io.File; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39700 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39700 extends NonRootSecurityTestCase { /** * b/201645790 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39701.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39701.java index f8d6fe6f1d5..5e78a90cd85 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39701.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39701.java @@ -18,7 +18,7 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -26,7 +26,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39701 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39701 extends NonRootSecurityTestCase { @AsbSecurityTest(cveBugId = 212286849) @Test diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39702.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39702.java index cf8a688976b..cf5d47c3dd8 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39702.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39702.java @@ -21,14 +21,14 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39702 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39702 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2021_39702"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "CVE-2021-39702.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39704.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39704.java new file mode 100644 index 00000000000..9aebd152144 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39704.java @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2021_39704 extends NonRootSecurityTestCase { + + @AsbSecurityTest(cveBugId = 209965481) + @Test + public void testPocCVE_2021_39704() { + try { + final String testPkg = "android.security.cts.CVE_2021_39704"; + + ITestDevice device = getDevice(); + + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + installPackage("CVE-2021-39704.apk"); + AdbUtils.runCommandLine( + "pm revoke " + "android.security.cts.CVE_2021_39704 " + + "android.permission.ACCESS_COARSE_LOCATION", + device); + + runDeviceTests(testPkg, testPkg + "." + "DeviceTest", + "testdeleteNotificationChannelGroup"); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39706.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39706.java index cd8afef86e4..ecf096f31d1 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39706.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39706.java @@ -21,7 +21,7 @@ import static org.junit.Assume.assumeTrue; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -29,7 +29,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39706 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39706 extends NonRootSecurityTestCase { @AsbSecurityTest(cveBugId = 200164168) @Test diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39707.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39707.java new file mode 100644 index 00000000000..e40cea6bbfb --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39707.java @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2021_39707 extends NonRootSecurityTestCase { + + @AsbSecurityTest(cveBugId = 200688991) + @Test + public void testPocCVE_2021_39707() { + ITestDevice device = getDevice(); + final String testPkg = "android.security.cts.CVE_2021_39707"; + int userId = -1; + try { + // Wake up the screen + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + // Create restricted user + String commandOutput = AdbUtils.runCommandLine( + "pm create-user --restricted CVE_2021_39707_RestrictedUser", device); + + // Extract user id of the restricted user + String[] tokens = commandOutput.split("\\s+"); + assumeTrue(tokens.length > 0); + assumeTrue(tokens[0].equals("Success:")); + userId = Integer.parseInt(tokens[tokens.length - 1]); + + // Install PoC application + installPackage("CVE-2021-39707.apk"); + runDeviceTests(testPkg, testPkg + ".DeviceTest", "testAppRestrictionsFragment"); + } catch (Exception e) { + assumeNoException(e); + } finally { + try { + // Back to home screen after test + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + if (userId != -1) { + // Remove restricted user + AdbUtils.runCommandLine("pm remove-user " + userId, device); + } + } catch (Exception e) { + // ignore all exceptions + } + } + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39794.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39794.java index 0ae1efa8e83..d67b4e6d53f 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39794.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39794.java @@ -18,7 +18,7 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -27,7 +27,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39794 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39794 extends NonRootSecurityTestCase { static final String TEST_APP = "CVE-2021-39794-test.apk"; static final String RECEIVER_APP = "CVE-2021-39794-receiver.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39795.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39795.java new file mode 100644 index 00000000000..a427e65169a --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39795.java @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2021_39795 extends NonRootSecurityTestCase { + private static final String TEST_PKG = "android.security.cts.CVE_2021_39795"; + private static final String DIR_PATH = "/storage/emulated/0/Android/data/CVE-2021-39795-dir"; + + @AsbSecurityTest(cveBugId = 201667614) + @Test + public void testPocCVE_2021_39795() { + ITestDevice device = null; + try { + device = getDevice(); + + /* Wake up the screen */ + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + installPackage("CVE-2021-39795.apk"); + + /* Make a directory inside "Android/data" folder */ + AdbUtils.runCommandLine("mkdir " + DIR_PATH, device); + + /* Allow Read and Write to external storage */ + AdbUtils.runCommandLine( + "pm grant " + TEST_PKG + " android.permission.READ_EXTERNAL_STORAGE", device); + AdbUtils.runCommandLine( + "pm grant " + TEST_PKG + " android.permission.WRITE_EXTERNAL_STORAGE", device); + + /* Allow the app to manage all files */ + AdbUtils.runCommandLine( + "appops set --uid " + TEST_PKG + " MANAGE_EXTERNAL_STORAGE allow", device); + + runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testFilePresence"); + } catch (Exception e) { + assumeNoException(e); + } finally { + try { + AdbUtils.runCommandLine("rm -rf " + DIR_PATH, device); + } catch (Exception e) { + // ignore the exceptions + } + } + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39796.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39796.java index f90cae0c295..07fa92757d9 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39796.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39796.java @@ -20,14 +20,14 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39796 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39796 extends NonRootSecurityTestCase { static final int USER_ID = 0; static final String TEST_PKG = "android.security.cts.CVE_2021_39796"; static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39797.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39797.java index ee835f50c93..1707ce92429 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39797.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39797.java @@ -20,13 +20,13 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39797 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39797 extends NonRootSecurityTestCase { @AsbSecurityTest(cveBugId = 209607104) @Test diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39804.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39804.java index 1c1b246b0e5..0053fc6d219 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39804.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39804.java @@ -20,18 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; -import com.android.tradefed.device.ITestDevice; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import org.junit.After; -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; import java.util.Arrays; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39804 extends SecurityTestCase { +public class CVE_2021_39804 extends NonRootSecurityTestCase { /** * b/215002587 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39808.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39808.java new file mode 100644 index 00000000000..f1eaad2edf7 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39808.java @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2021_39808 extends NonRootSecurityTestCase { + + @AsbSecurityTest(cveBugId = 209966086) + @Test + public void testPocCVE_2021_39808() { + try { + final String testPkg = "android.security.cts.CVE_2021_39808"; + + ITestDevice device = getDevice(); + + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + installPackage("CVE-2021-39808.apk"); + runDeviceTests(testPkg, testPkg + "." + "DeviceTest","testService"); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java index f9520824b26..9745336f8aa 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java @@ -21,14 +21,14 @@ import static org.junit.Assume.assumeNoException; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2021_39810 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2021_39810 extends NonRootSecurityTestCase { @AsbSecurityTest(cveBugId = 212610736) @Test diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20004.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20004.java index df8701c9e67..ec4d1977c01 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20004.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20004.java @@ -18,7 +18,7 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -26,7 +26,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20004 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2022_20004 extends NonRootSecurityTestCase { final static String TEST_PKG = "android.security.cts.CVE_2022_20004_test"; final static String PROVIDER_PKG = "android.security.cts.CVE_2022_20004_provider"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20007.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20007.java index 47ea7ca8a47..abc94f5837c 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20007.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20007.java @@ -20,7 +20,7 @@ import static org.junit.Assume.assumeNoException; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -28,7 +28,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20007 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2022_20007 extends NonRootSecurityTestCase { @AsbSecurityTest(cveBugId = 211481342) @Test @@ -37,10 +37,12 @@ public class CVE_2022_20007 extends StsExtraBusinessLogicHostTestBase { final String testClass = testPkg + "." + "DeviceTest"; final String testApp = "CVE-2022-20007.apk"; final String testAttackerApp = "CVE-2022-20007-Attacker.apk"; + final String testSecondApp = "CVE-2022-20007-Second.apk"; ITestDevice device = getDevice(); try { installPackage(testApp); installPackage(testAttackerApp); + installPackage(testSecondApp); AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20115.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20115.java index a8256d6bef0..e83f090e94d 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20115.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20115.java @@ -18,7 +18,7 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -27,7 +27,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20115 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2022_20115 extends NonRootSecurityTestCase { private static final String TEST_PKG = "android.security.cts.CVE_2022_20115"; private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; private static final String TEST_APP = "CVE-2022-20115.apk"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20123.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20123.java index 8fbf4435029..baa87075b75 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20123.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20123.java @@ -20,6 +20,7 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; import org.junit.Test; @@ -28,7 +29,7 @@ import org.junit.runner.RunWith; import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20123 extends SecurityTestCase { +public class CVE_2022_20123 extends NonRootSecurityTestCase { /** * b/221852424 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20127.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20127.java index c94380457de..91f8e666ab6 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20127.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20127.java @@ -18,6 +18,7 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -25,7 +26,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20127 extends SecurityTestCase { +public class CVE_2022_20127 extends NonRootSecurityTestCase { /** * b/221862119 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20131.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20131.java index 08b28b63724..1aeaa1d80fd 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20131.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20131.java @@ -22,15 +22,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20131 extends SecurityTestCase { +public class CVE_2022_20131 extends NonRootSecurityTestCase { /** * b/221856662 * Vulnerability Behaviour: SIGSEGV in self diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20138.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20138.java index 45c6fb137fc..9e5e7eb94b4 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20138.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20138.java @@ -18,7 +18,7 @@ package android.security.cts; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -26,7 +26,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20138 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2022_20138 extends NonRootSecurityTestCase { static final String TEST_APP = "CVE-2022-20138.apk"; static final String TEST_PKG = "android.security.cts.CVE_2022_20138"; static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20147.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20147.java index 41a727f857e..5b1d38ca53f 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20147.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20147.java @@ -22,15 +22,16 @@ import android.platform.test.annotations.AsbSecurityTest; import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import java.util.regex.Pattern; - -import org.junit.runner.RunWith; import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20147 extends SecurityTestCase { +public class CVE_2022_20147 extends NonRootSecurityTestCase { /** * b/221216105 * Vulnerability Behaviour: SIGSEGV in self diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java new file mode 100644 index 00000000000..3d31cee17c7 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2022_20197 extends NonRootSecurityTestCase { + private static final String TEST_PKG = "android.security.cts.CVE_2022_20197"; + + @AsbSecurityTest(cveBugId = 208279300) + @Test + public void testPocCVE_2022_20197() { + ITestDevice device = null; + boolean isPolicyPresent = true; + boolean isHiddenApiEnabled = true; + String status = ""; + try { + device = getDevice(); + installPackage("CVE-2022-20197.apk"); + + status = AdbUtils.runCommandLine("settings get global hidden_api_policy", device); + if (status.toLowerCase().contains("null")) { + isPolicyPresent = false; + } else if (!status.toLowerCase().contains("1")) { + isHiddenApiEnabled = false; + } + if (!isPolicyPresent || !isHiddenApiEnabled) { + AdbUtils.runCommandLine("settings put global hidden_api_policy 1", device); + } + runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testParcel"); + } catch (Exception e) { + assumeNoException(e); + } finally { + try { + if (!isPolicyPresent) { + AdbUtils.runCommandLine("settings delete global hidden_api_policy", device); + } else if (!isHiddenApiEnabled) { + AdbUtils.runCommandLine("settings put global hidden_api_policy " + status, + device); + } + } catch (Exception e) { + // ignore all exceptions. + } + } + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20223.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20223.java index f593f204bd6..18d4cdd6f55 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20223.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20223.java @@ -21,7 +21,7 @@ import static org.junit.Assume.assumeTrue; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -29,7 +29,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20223 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2022_20223 extends NonRootSecurityTestCase { @AsbSecurityTest(cveBugId = 223578534) @Test diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20230.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20230.java index 1886a4af4ac..59e7631b287 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20230.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20230.java @@ -20,7 +20,7 @@ import static org.junit.Assume.assumeNoException; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -28,7 +28,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20230 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2022_20230 extends NonRootSecurityTestCase { public static final int USER_ID = 0; static final String TEST_APP = "CVE-2022-20230.apk"; static final String TEST_PKG = "android.security.cts.CVE_2022_20230"; diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20347.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20347.java index de245bb06da..8087e692b5f 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20347.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20347.java @@ -20,7 +20,7 @@ import static org.junit.Assume.assumeNoException; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.device.ITestDevice; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; @@ -28,7 +28,7 @@ import org.junit.Test; import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class CVE_2022_20347 extends StsExtraBusinessLogicHostTestBase { +public class CVE_2022_20347 extends NonRootSecurityTestCase { @AsbSecurityTest(cveBugId = 228450811) @Test diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20348.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20348.java new file mode 100644 index 00000000000..df33a31144d --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20348.java @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2022_20348 extends NonRootSecurityTestCase { + static final String TEST_PKG = "android.security.cts.CVE_2022_20348"; + public static final String TEST_DEVICE_ADMIN_RECEIVER = ".PocDeviceAdminReceiver"; + + @AsbSecurityTest(cveBugId = 228315529) + @Test + public void testPocCVE_2022_20348() throws Exception { + try { + ITestDevice device = getDevice(); + + /* Wake up the screen */ + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + /* Install the test application */ + installPackage("CVE-2022-20348.apk"); + + /* Set Device Admin Component */ + AdbUtils.runCommandLine( + "dpm set-device-owner '" + TEST_PKG + "/" + TEST_DEVICE_ADMIN_RECEIVER + "'", + device); + + /* Run the test "testWifiScanningDisallowed" */ + runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testWifiScanningDisallowed"); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java new file mode 100644 index 00000000000..f8dcc48de61 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2022_20349 extends NonRootSecurityTestCase { + static final String TEST_PKG = "android.security.cts.CVE_2022_20349"; + public static final String TEST_DEVICE_ADMIN_RECEIVER = ".PocDeviceAdminReceiver"; + + @AsbSecurityTest(cveBugId = 228315522) + @Test + public void testPocCVE_2022_20349() throws Exception { + try { + ITestDevice device = getDevice(); + + /* Wake up the screen */ + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + /* Install the test application */ + installPackage("CVE-2022-20349.apk"); + + /* Set Device Admin Component */ + AdbUtils.runCommandLine( + "dpm set-device-owner '" + TEST_PKG + "/" + TEST_DEVICE_ADMIN_RECEIVER + "'", + device); + + /* Run the test "testBluetoothScanningDisallowed" */ + runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testBluetoothScanningDisallowed"); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20353.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20353.java new file mode 100644 index 00000000000..12bb187b47f --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20353.java @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2022_20353 extends NonRootSecurityTestCase { + + @AsbSecurityTest(cveBugId = 221041256) + @Test + public void testPocCVE_2022_20353() { + try { + final String testPkg = "android.security.cts.CVE_2022_20353"; + ITestDevice device = getDevice(); + + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + // to generate NOTICE.html if not already present + AdbUtils.runCommandLine("am start -a android.settings.LICENSE", device); + + installPackage("CVE-2022-20353.apk"); + + runDeviceTests(testPkg, testPkg + ".DeviceTest", "testDefaultRingtonePreference"); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_22082.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_22082.java new file mode 100644 index 00000000000..a0200f17840 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_22082.java @@ -0,0 +1,50 @@ +/** + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package android.security.cts; + +import static org.junit.Assume.*; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2022_22082 extends NonRootSecurityTestCase { + + /** + * CVE-2022-22082 + */ + @AsbSecurityTest(cveBugId = 223211217) + @Test + public void testPocCVE_2022_22082() throws Exception { + /* + * Non StageFright test. + */ + safeReboot(); + AdbUtils.pushResource("/cve_2022_22082.dsf", "/sdcard/cve_2022_22082.dsf", getDevice()); + AdbUtils.runCommandLine("logcat -c", getDevice()); + AdbUtils.runCommandLine( + "am start -a android.intent.action.VIEW -t audio/dsf -d" + + " file:///sdcard/cve_2022_22082.dsf", + getDevice()); + Thread.sleep(10000); + AdbUtils.assertNoCrashes(getDevice(), "media.extractor"); + } +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/HostsideMainlineModuleDetector.java b/hostsidetests/securitybulletin/src/android/security/cts/HostsideMainlineModuleDetector.java deleted file mode 100644 index 1d57cb6a468..00000000000 --- a/hostsidetests/securitybulletin/src/android/security/cts/HostsideMainlineModuleDetector.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.security.cts; - -import com.android.ddmlib.Log; - -import com.google.common.collect.ImmutableSet; - -import java.util.Set; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -public class HostsideMainlineModuleDetector { - private static final String LOG_TAG = "MainlineModuleDetector"; - - private SecurityTestCase context; - - private static ImmutableSet<String> playManagedModules; - - HostsideMainlineModuleDetector(SecurityTestCase context) { - this.context = context; - } - - synchronized Set<String> getPlayManagedModules() throws Exception { - if (playManagedModules == null) { - AdbUtils.runCommandLine("logcat -c", context.getDevice()); - String output = AdbUtils.runCommandLine( - "am start com.android.cts.mainlinemoduledetector/.MainlineModuleDetector", - context.getDevice()); - Log.logAndDisplay(Log.LogLevel.INFO, LOG_TAG, - "am output: " + output); - Thread.sleep(5 * 1000L); - String logcat = AdbUtils.runCommandLine("logcat -d -s MainlineModuleDetector:I", - context.getDevice()); - Log.logAndDisplay(Log.LogLevel.INFO, LOG_TAG, - "Found logcat output: " + logcat); - Matcher matcher = Pattern.compile("Play managed modules are: <(.*?)>").matcher(logcat); - if (matcher.find()) { - playManagedModules = ImmutableSet.copyOf(matcher.group(1).split(",")); - } else { - playManagedModules = ImmutableSet.of(); - } - } - return playManagedModules; - } -} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java index 367c766f750..2a0a572acc2 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java @@ -15,15 +15,18 @@ */ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc16_04 extends SecurityTestCase { +public class Poc16_04 extends NonRootSecurityTestCase { /** * b/26323455 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java index f185352d60c..a837d5b0a5f 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc16_05 extends SecurityTestCase { +public class Poc16_05 extends NonRootSecurityTestCase { /** * b/27555981 */ diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_06.java index 6f7d26bde86..d4519ba3f84 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_06.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_06.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc16_06 extends SecurityTestCase { +public class Poc16_06 extends NonRootSecurityTestCase { /** * b/27661749 */ diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java index d5982522bb4..ae91d11e6d9 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc16_07 extends SecurityTestCase { +public class Poc16_07 extends NonRootSecurityTestCase { /** * b/28740702 */ diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java index e3f9906a2ca..69821c88987 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc16_09 extends SecurityTestCase { +public class Poc16_09 extends NonRootSecurityTestCase { /** * b/27773913 */ diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_10.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_10.java index c19333af12c..beec744e4ea 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_10.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_10.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc16_10 extends SecurityTestCase { +public class Poc16_10 extends NonRootSecurityTestCase { /** * b/30204103 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java index 5012920c3de..e1334b59dc8 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc16_11 extends SecurityTestCase { +public class Poc16_11 extends NonRootSecurityTestCase { /** * b/29149404 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java index 392b11a1c4a..96570645487 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc16_12 extends SecurityTestCase { +public class Poc16_12 extends NonRootSecurityTestCase { //Criticals /** diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java index 07737163131..71e6998c4e2 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_01 extends SecurityTestCase { +public class Poc17_01 extends NonRootSecurityTestCase { //Criticals /** diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java index 1fd4bf95d68..cd3dab04536 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_02 extends SecurityTestCase { +public class Poc17_02 extends NonRootSecurityTestCase { /** * b/32799236 */ diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java index 50093b81a96..fba71464cc9 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java @@ -16,17 +16,20 @@ package android.security.cts; -import java.util.concurrent.Callable; +import static org.junit.Assert.*; import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + import org.junit.Test; import org.junit.runner.RunWith; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import java.util.concurrent.Callable; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_03 extends SecurityTestCase { +public class Poc17_03 extends NonRootSecurityTestCase { /** * b/31824853 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java index 36f921c81b0..478398b864a 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_04 extends SecurityTestCase { +public class Poc17_04 extends NonRootSecurityTestCase { /** * b/32342065 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java index fcedfb95a89..11a31233b0e 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java @@ -16,18 +16,18 @@ package android.security.cts; -import java.util.Arrays; -import java.util.concurrent.Callable; +import static org.junit.Assert.*; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_05 extends SecurityTestCase { +public class Poc17_05 extends NonRootSecurityTestCase { /* * CVE-2016-5862 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java index a3609a2418d..9afeb9bdb76 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_06 extends SecurityTestCase { +public class Poc17_06 extends NonRootSecurityTestCase { /** * b/36392138 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java index f9309e5b93c..52b40a6d08a 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_07 extends SecurityTestCase { +public class Poc17_07 extends NonRootSecurityTestCase { /** * b/35443725 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java index dbb50bd19b7..fdbc11f37fe 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_09 extends SecurityTestCase { +public class Poc17_09 extends NonRootSecurityTestCase { /** * b/63852675 @@ -32,31 +35,39 @@ public class Poc17_09 extends SecurityTestCase { @Test @AsbSecurityTest(cveBugId = 63852675) public void testPocCve_2017_6983() throws Exception { - // Error code of 139 represents segmentation fault - assertFalse("Segfault found", - AdbUtils.runCommandGetExitCode("sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);" - + "INSERT INTO a values(x'efbeaddeefbeadde');" - + "SELECT optimize(b) FROM a;\"" - , getDevice() - )==139); - assertFalse("Segfault found", - AdbUtils.runCommandGetExitCode("sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);" - + "INSERT INTO a values(x'efbeaddeefbeadde');" - + "SELECT snippet(b) FROM a;\"" - , getDevice() - )==139); - assertFalse("Segfault found", - AdbUtils.runCommandGetExitCode("sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);" - + "INSERT INTO a values(x'efbeaddeefbeadde');" - + "SELECT offsets(b) FROM a;\"" - , getDevice() - )==139); - assertFalse("Segfault found", - AdbUtils.runCommandGetExitCode("sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);" - + "INSERT INTO a values(x'efbeaddeefbeadde');" - + "SELECT matchinfo(b) FROM a;\"" - , getDevice() - )==139); + // Error code of 139 represents segmentation fault + assertFalse( + "Segfault found", + AdbUtils.runCommandGetExitCode( + "sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);" + + "INSERT INTO a values(x'efbeaddeefbeadde');" + + "SELECT optimize(b) FROM a;\"", + getDevice()) + == 139); + assertFalse( + "Segfault found", + AdbUtils.runCommandGetExitCode( + "sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);" + + "INSERT INTO a values(x'efbeaddeefbeadde');" + + "SELECT snippet(b) FROM a;\"", + getDevice()) + == 139); + assertFalse( + "Segfault found", + AdbUtils.runCommandGetExitCode( + "sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);" + + "INSERT INTO a values(x'efbeaddeefbeadde');" + + "SELECT offsets(b) FROM a;\"", + getDevice()) + == 139); + assertFalse( + "Segfault found", + AdbUtils.runCommandGetExitCode( + "sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);" + + "INSERT INTO a values(x'efbeaddeefbeadde');" + + "SELECT matchinfo(b) FROM a;\"", + getDevice()) + == 139); } /** diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java index 168656111e4..4d406b7ce29 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_11 extends SecurityTestCase { +public class Poc17_11 extends NonRootSecurityTestCase { /** * b/36075131 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java index 160ec27d4a4..f63f34ff507 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc17_12 extends SecurityTestCase { +public class Poc17_12 extends NonRootSecurityTestCase { /** * b/38045794 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java index 1730fefecd2..b27efff8fd5 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc18_02 extends SecurityTestCase { +public class Poc18_02 extends NonRootSecurityTestCase { /** * b/68953950 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java index 0899f282005..f7a9519071d 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc18_03 extends SecurityTestCase { +public class Poc18_03 extends NonRootSecurityTestCase { /** * b/71389378 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java index 17ada80a888..7a4fd549db4 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc18_04 extends SecurityTestCase { +public class Poc18_04 extends NonRootSecurityTestCase { /** * b/69683251 * Does not require root but must be a hostside test to avoid diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java index 320f9970ee1..9b1830d9d6f 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc18_05 extends SecurityTestCase { +public class Poc18_05 extends NonRootSecurityTestCase { /** * b/70721937 * Does not require root but must be a hostside test to avoid a race diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_06.java index 63cdf56707a..236865e89b5 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_06.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_06.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc18_06 extends SecurityTestCase { +public class Poc18_06 extends NonRootSecurityTestCase { /** * CVE-2018-5884 @@ -35,9 +38,11 @@ public class Poc18_06 extends SecurityTestCase { String wfd_service = AdbUtils.runCommandLine( "pm list package com.qualcomm.wfd.service", getDevice()); if (wfd_service.contains("com.qualcomm.wfd.service")) { - String result = AdbUtils.runCommandLine( - "am broadcast -a qualcomm.intent.action.WIFI_DISPLAY_BITRATE --ei format 3 --ei value 32", - getDevice()); + String result = + AdbUtils.runCommandLine( + "am broadcast -a qualcomm.intent.action.WIFI_DISPLAY_BITRATE --ei" + + " format 3 --ei value 32", + getDevice()); assertNotMatchesMultiLine("Broadcast completed", result); } } diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java index 11476586982..ce3ee4d445f 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc18_07 extends SecurityTestCase { +public class Poc18_07 extends NonRootSecurityTestCase { /** * b/76221123 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java index a8b90508973..3e0cc2da5d8 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc18_10 extends SecurityTestCase { +public class Poc18_10 extends NonRootSecurityTestCase { /** * b/111641492 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java index e6ca50b8869..8f00629f3cf 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc18_11 extends SecurityTestCase { +public class Poc18_11 extends NonRootSecurityTestCase { /** * b/113027383 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java index 1e56873f4b1..dab20669def 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc19_03 extends SecurityTestCase { +public class Poc19_03 extends NonRootSecurityTestCase { /** * b/115739809 */ diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_05.java index a22fc97d425..f9f8b7cb689 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_05.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_05.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc19_05 extends SecurityTestCase { +public class Poc19_05 extends NonRootSecurityTestCase { /** * CVE-2019-2257 */ diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java index 71cb84d8824..791b8b456d0 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc19_07 extends SecurityTestCase { +public class Poc19_07 extends NonRootSecurityTestCase { /** * Bug-137878930 */ diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_01.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_01.java index 5a8f4d78a68..b029aa6953d 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_01.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_01.java @@ -1,14 +1,17 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc20_01 extends SecurityTestCase { +public class Poc20_01 extends NonRootSecurityTestCase { /** * CVE-2019-14002 */ diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_03.java index 5b9bb220c0e..72e7b960509 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_03.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_03.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc20_03 extends SecurityTestCase { +public class Poc20_03 extends NonRootSecurityTestCase { /** * b/147882143 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java index 6ed83c1ac32..3f2d1d0d798 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java @@ -16,15 +16,18 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc20_06 extends SecurityTestCase { +public class Poc20_06 extends NonRootSecurityTestCase { /** * CVE-2020-3635 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_11.java index bd2a761e2fb..89b83fc0506 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_11.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_11.java @@ -16,16 +16,19 @@ package android.security.cts; +import static org.junit.Assert.*; +import static org.junit.Assume.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; -import static org.junit.Assume.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc20_11 extends SecurityTestCase { +public class Poc20_11 extends NonRootSecurityTestCase { /** * b/162741784 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc21_01.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc21_01.java index e55570052cb..6aa885336f4 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc21_01.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc21_01.java @@ -16,16 +16,19 @@ package android.security.cts; +import static org.junit.Assert.*; +import static org.junit.Assume.*; + import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; -import static org.junit.Assume.*; +import org.junit.Test; +import org.junit.runner.RunWith; @RunWith(DeviceJUnit4ClassRunner.class) -public class Poc21_01 extends SecurityTestCase { +public class Poc21_01 extends NonRootSecurityTestCase { /** * b/168211968 diff --git a/hostsidetests/securitybulletin/src/android/security/cts/PocPusher.java b/hostsidetests/securitybulletin/src/android/security/cts/PocPusher.java deleted file mode 100644 index 07f45db0d4e..00000000000 --- a/hostsidetests/securitybulletin/src/android/security/cts/PocPusher.java +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.security.cts; - - -import org.junit.runner.Description; -import org.junit.runners.model.Statement; - -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; -import java.io.File; -import java.io.FileNotFoundException; - -import org.junit.runner.Description; -import org.junit.rules.TestWatcher; - -import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper; -import com.android.tradefed.build.IBuildInfo; -import com.android.tradefed.device.DeviceNotAvailableException; -import com.android.tradefed.device.ITestDevice; -import com.android.tradefed.log.LogUtil.CLog; -import com.android.tradefed.testtype.IAbi; - -import static org.junit.Assume.*; -import static org.junit.Assert.*; - -public class PocPusher extends TestWatcher { - private ITestDevice device = null; - private CompatibilityBuildHelper buildHelper = null; - private IAbi abi = null; - - private Set<String> filesToCleanup = new HashSet(); - public boolean bitness32 = true; - public boolean bitness64 = true; - public boolean appendBitness = true; - public boolean cleanup = true; - - @Override - protected void starting(Description d) { - bothBitness(); - appendBitness = true; - cleanup = true; - } - - @Override - protected void finished(Description d) { - for (Iterator<String> it = filesToCleanup.iterator(); it.hasNext();) { - String file = it.next(); - try { - CLog.i("Cleaning up %s", file); - device.deleteFile(file); - } catch (DeviceNotAvailableException e) { - CLog.e("Device unavailable when cleaning up %s", file); - continue; // try to remove next time - } - it.remove(); - } - } - - public PocPusher setDevice(ITestDevice device) { - this.device = device; - return this; - } - - public PocPusher setAbi(IAbi abi) { - this.abi = abi; - return this; - } - - public PocPusher setBuild(IBuildInfo buildInfo) { - buildHelper = new CompatibilityBuildHelper(buildInfo); - return this; - } - - public PocPusher appendBitness(boolean append) { - this.appendBitness = append; - return this; - } - - public PocPusher cleanup(boolean cleanup) { - this.cleanup = cleanup; - return this; - } - - public PocPusher only32() { - bitness32 = true; - bitness64 = false; - return this; - } - - public PocPusher only64() { - bitness32 = false; - bitness64 = true; - return this; - } - - public PocPusher bothBitness() { - bitness32 = true; - bitness64 = true; - return this; - } - - public void pushFile(String testFile, String remoteFile) - throws FileNotFoundException, DeviceNotAvailableException { - if (appendBitness) { - // if neither 32 or 64, nothing would ever be pushed. - assertTrue("bitness must be 32, 64, or both.", bitness32 || bitness64); - - String bitness = SecurityTestCase.getAbi(device).getBitness().trim(); - - // 32-bit doesn't have a 64-bit compatibility layer; skipping. - assumeFalse(bitness.equals("32") && !bitness32); - - // push the 32-bit file on 64-bit device if a 64-bit file doesn't exist. - if (bitness.equals("64") && !bitness64) { - bitness = "32"; - CLog.i("Pushing a 32-bit file onto a 64-bit device."); - } - testFile += bitness; - } - CLog.i("Pushing local: %s to remote: %s", testFile.toString(), remoteFile); - File localFile = buildHelper.getTestFile(testFile); - device.pushFile(localFile, remoteFile); - if (cleanup) { - filesToCleanup.add(remoteFile); - } - } -} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/RegexUtils.java b/hostsidetests/securitybulletin/src/android/security/cts/RegexUtils.java deleted file mode 100644 index 9ce7e39f35f..00000000000 --- a/hostsidetests/securitybulletin/src/android/security/cts/RegexUtils.java +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.security.cts; - -import java.util.concurrent.TimeoutException; -import java.util.regex.Pattern; -import java.util.regex.Matcher; -import com.android.ddmlib.Log.LogLevel; -import com.android.tradefed.log.LogUtil.CLog; - -import static org.junit.Assert.*; - -public class RegexUtils { - private static final int TIMEOUT_DURATION = 20 * 60_000; // 20 minutes - private static final int WARNING_THRESHOLD = 1000; // 1 second - private static final int CONTEXT_RANGE = 100; // chars before/after matched input string - - public static void assertContains(String pattern, String input) throws Exception { - assertFind(pattern, input, false, false); - } - - public static void assertContainsMultiline(String pattern, String input) throws Exception { - assertFind(pattern, input, false, true); - } - - public static void assertNotContains(String pattern, String input) throws Exception { - assertFind(pattern, input, true, false); - } - - public static void assertNotContainsMultiline(String pattern, String input) throws Exception { - assertFind(pattern, input, true, true); - } - - private static void assertFind( - String pattern, String input, boolean shouldFind, boolean multiline) { - // The input string throws an error when used after the timeout - TimeoutCharSequence timedInput = new TimeoutCharSequence(input, TIMEOUT_DURATION); - Matcher matcher = null; - if (multiline) { - // DOTALL lets .* match line separators - // MULTILINE lets ^ and $ match line separators instead of input start and end - matcher = Pattern.compile( - pattern, Pattern.DOTALL|Pattern.MULTILINE).matcher(timedInput); - } else { - matcher = Pattern.compile(pattern).matcher(timedInput); - } - - try { - long start = System.currentTimeMillis(); - boolean found = matcher.find(); - long duration = System.currentTimeMillis() - start; - - if (duration > WARNING_THRESHOLD) { - // Provide a warning to the test developer that their regex should be optimized. - CLog.logAndDisplay(LogLevel.WARN, "regex match took " + duration + "ms."); - } - - if (found && shouldFind) { // failed notContains - String substring = input.substring(matcher.start(), matcher.end()); - String context = getInputContext(input, matcher.start(), matcher.end(), - CONTEXT_RANGE, CONTEXT_RANGE); - fail("Pattern found: '" + pattern + "' -> '" + substring + "' for input:\n..." + - context + "..."); - } else if (!found && !shouldFind) { // failed contains - fail("Pattern not found: '" + pattern + "' for input:\n..." + input + "..."); - } - } catch (TimeoutCharSequence.CharSequenceTimeoutException e) { - // regex match has taken longer than the timeout - // this usually means the input is extremely long or the regex is catastrophic - fail("Regex timeout with pattern: '" + pattern + "' for input:\n..." + input + "..."); - } - } - - /* - * Helper method to grab the nearby chars for a subsequence. Similar to the -A and -B flags for - * grep. - */ - private static String getInputContext(String input, int start, int end, int before, int after) { - start = Math.max(0, start - before); - end = Math.min(input.length(), end + after); - return input.substring(start, end); - } - - /* - * Wrapper for a given CharSequence. When charAt() is called, the current time is compared - * against the timeout. If the current time is greater than the expiration time, an exception is - * thrown. The expiration time is (time of object construction) + (timeout in milliseconds). - */ - private static class TimeoutCharSequence implements CharSequence { - long expireTime = 0; - CharSequence chars = null; - - TimeoutCharSequence(CharSequence chars, long timeout) { - this.chars = chars; - expireTime = System.currentTimeMillis() + timeout; - } - - @Override - public char charAt(int index) { - if (System.currentTimeMillis() > expireTime) { - throw new CharSequenceTimeoutException( - "TimeoutCharSequence was used after the expiration time."); - } - return chars.charAt(index); - } - - @Override - public int length() { - return chars.length(); - } - - @Override - public CharSequence subSequence(int start, int end) { - return new TimeoutCharSequence(chars.subSequence(start, end), - expireTime - System.currentTimeMillis()); - } - - @Override - public String toString() { - return chars.toString(); - } - - private static class CharSequenceTimeoutException extends RuntimeException { - public CharSequenceTimeoutException(String message) { - super(message); - } - } - } -} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java b/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java deleted file mode 100644 index d7a3afc7a6d..00000000000 --- a/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java +++ /dev/null @@ -1,367 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.security.cts; - -import com.android.compatibility.common.util.MetricsReportLog; -import com.android.compatibility.common.util.ResultType; -import com.android.compatibility.common.util.ResultUnit; -import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; -import com.android.tradefed.build.IBuildInfo; -import com.android.tradefed.config.Option; -import com.android.tradefed.testtype.IBuildReceiver; -import com.android.tradefed.testtype.IAbi; -import com.android.tradefed.testtype.IAbiReceiver; -import com.android.tradefed.testtype.junit4.BaseHostJUnit4Test; -import com.android.tradefed.device.DeviceNotAvailableException; -import com.android.tradefed.device.ITestDevice; -import com.android.tradefed.device.NativeDevice; -import com.android.tradefed.log.LogUtil.CLog; -import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import com.android.ddmlib.Log; - -import org.junit.rules.TestName; -import org.junit.Rule; -import org.junit.After; -import org.junit.Before; -import org.junit.runner.RunWith; - -import java.util.Map; -import java.util.HashMap; -import java.util.regex.Pattern; -import java.util.regex.Matcher; -import java.util.concurrent.Callable; -import java.math.BigInteger; - -import static org.junit.Assert.*; -import static org.junit.Assume.*; -import static org.hamcrest.core.Is.is; - -public class SecurityTestCase extends StsExtraBusinessLogicHostTestBase { - - private static final String LOG_TAG = "SecurityTestCase"; - private static final int RADIX_HEX = 16; - - protected static final int TIMEOUT_DEFAULT = 60; - // account for the poc timer of 5 minutes (+15 seconds for safety) - protected static final int TIMEOUT_NONDETERMINISTIC = 315; - - private long kernelStartTime = -1; - - private HostsideMainlineModuleDetector mainlineModuleDetector = new HostsideMainlineModuleDetector(this); - - @Rule public TestName testName = new TestName(); - @Rule public PocPusher pocPusher = new PocPusher(); - - private static Map<ITestDevice, IBuildInfo> sBuildInfo = new HashMap<>(); - private static Map<ITestDevice, IAbi> sAbi = new HashMap<>(); - private static Map<ITestDevice, String> sTestName = new HashMap<>(); - private static Map<ITestDevice, PocPusher> sPocPusher = new HashMap<>(); - - @Option(name = "set-kptr_restrict", - description = "If kptr_restrict should be set to 2 after every reboot") - private boolean setKptr_restrict = false; - private boolean ignoreKernelAddress = false; - - /** - * Waits for device to be online, marks the most recent boottime of the device - */ - @Before - public void setUp() throws Exception { - getDevice().waitForDeviceAvailable(); - getDevice().disableAdbRoot(); - updateKernelStartTime(); - // TODO:(badash@): Watch for other things to track. - // Specifically time when app framework starts - - sBuildInfo.put(getDevice(), getBuild()); - sAbi.put(getDevice(), getAbi()); - sTestName.put(getDevice(), testName.getMethodName()); - - pocPusher.setDevice(getDevice()).setBuild(getBuild()).setAbi(getAbi()); - sPocPusher.put(getDevice(), pocPusher); - - if (setKptr_restrict) { - if (getDevice().enableAdbRoot()) { - CLog.i("setting kptr_restrict to 2"); - getDevice().executeShellCommand("echo 2 > /proc/sys/kernel/kptr_restrict"); - getDevice().disableAdbRoot(); - } else { - // not a rootable device - ignoreKernelAddress = true; - } - } - } - - /** - * Makes sure the phone is online, and the ensure the current boottime is within 2 seconds - * (due to rounding) of the previous boottime to check if The phone has crashed. - */ - @After - public void tearDown() throws Exception { - try { - getDevice().waitForDeviceAvailable(90 * 1000); - } catch (DeviceNotAvailableException e) { - // Force a disconnection of all existing sessions to see if that unsticks adbd. - getDevice().executeAdbCommand("reconnect"); - getDevice().waitForDeviceAvailable(30 * 1000); - } - - if (kernelStartTime != -1) { - // only fail when the kernel start time is valid - long deviceTime = getDeviceUptime() + kernelStartTime; - long hostTime = System.currentTimeMillis() / 1000; - assertTrue("Phone has had a hard reset", (hostTime - deviceTime) < 2); - kernelStartTime = -1; - } - - // TODO(badash@): add ability to catch runtime restart - } - - public static IBuildInfo getBuildInfo(ITestDevice device) { - return sBuildInfo.get(device); - } - - public static IAbi getAbi(ITestDevice device) { - return sAbi.get(device); - } - - public static String getTestName(ITestDevice device) { - return sTestName.get(device); - } - - public static PocPusher getPocPusher(ITestDevice device) { - return sPocPusher.get(device); - } - - // TODO convert existing assertMatches*() to RegexUtils.assertMatches*() - // b/123237827 - @Deprecated - public void assertMatches(String pattern, String input) throws Exception { - RegexUtils.assertContains(pattern, input); - } - - @Deprecated - public void assertMatchesMultiLine(String pattern, String input) throws Exception { - RegexUtils.assertContainsMultiline(pattern, input); - } - - @Deprecated - public void assertNotMatches(String pattern, String input) throws Exception { - RegexUtils.assertNotContains(pattern, input); - } - - @Deprecated - public void assertNotMatchesMultiLine(String pattern, String input) throws Exception { - RegexUtils.assertNotContainsMultiline(pattern, input); - } - - /** - * Runs a provided function that collects a String to test against kernel pointer leaks. - * The getPtrFunction function implementation must return a String that starts with the - * pointer. i.e. "01234567". Trailing characters are allowed except for [0-9a-fA-F]. In - * the event that the pointer appears to be vulnerable, a JUnit assert is thrown. Since kernel - * pointers can be hashed, there is a possiblity the the hashed pointer overlaps into the - * normal kernel space. The test re-runs to make false positives statistically insignificant. - * When kernel pointers won't change without a reboot, provide a device to reboot. - * - * @param getPtrFunction a function that returns a string that starts with a pointer - * @param deviceToReboot device to reboot when kernel pointers won't change - */ - public void assertNotKernelPointer(Callable<String> getPtrFunction, ITestDevice deviceToReboot) - throws Exception { - assumeFalse("Cannot set kptr_restrict to 2, ignoring kptr test.", ignoreKernelAddress); - String ptr = null; - for (int i = 0; i < 4; i++) { // ~0.4% chance of false positive - ptr = getPtrFunction.call(); - if (ptr == null) { - return; - } - if (!isKptr(ptr)) { - // quit early because the ptr is likely hashed or zeroed. - return; - } - if (deviceToReboot != null) { - deviceToReboot.nonBlockingReboot(); - deviceToReboot.waitForDeviceAvailable(); - updateKernelStartTime(); - } - } - fail("\"" + ptr + "\" is an exposed kernel pointer."); - } - - private boolean isKptr(String ptr) { - Matcher m = Pattern.compile("[0-9a-fA-F]*").matcher(ptr); - if (!m.find() || m.start() != 0) { - // ptr string is malformed - return false; - } - int length = m.end(); - - if (length == 8) { - // 32-bit pointer - BigInteger address = new BigInteger(ptr.substring(0, length), RADIX_HEX); - // 32-bit kernel memory range: 0xC0000000 -> 0xffffffff - // 0x3fffffff bytes = 1GB / 0xffffffff = 4 GB - // 1 in 4 collision for hashed pointers - return address.compareTo(new BigInteger("C0000000", RADIX_HEX)) >= 0; - } else if (length == 16) { - // 64-bit pointer - BigInteger address = new BigInteger(ptr.substring(0, length), RADIX_HEX); - // 64-bit kernel memory range: 0x8000000000000000 -> 0xffffffffffffffff - // 48-bit implementation: 0xffff800000000000; 1 in 131,072 collision - // 56-bit implementation: 0xff80000000000000; 1 in 512 collision - // 64-bit implementation: 0x8000000000000000; 1 in 2 collision - return address.compareTo(new BigInteger("ff80000000000000", RADIX_HEX)) >= 0; - } - - return false; - } - - /** - * Check if a driver is present and readable. - */ - protected boolean containsDriver(ITestDevice device, String driver) throws Exception { - return containsDriver(device, driver, true); - } - - /** - * Check if a driver is present on a machine. - */ - protected boolean containsDriver(ITestDevice device, String driver, boolean checkReadable) - throws Exception { - boolean containsDriver = false; - if (driver.contains("*")) { - // -A list all files but . and .. - // -d directory, not contents - // -1 list one file per line - // -f unsorted - String ls = "ls -A -d -1 -f " + driver; - if (AdbUtils.runCommandGetExitCode(ls, device) == 0) { - String[] expanded = device.executeShellCommand(ls).split("\\R"); - for (String expandedDriver : expanded) { - containsDriver |= containsDriver(device, expandedDriver, checkReadable); - } - } - } else { - if(checkReadable) { - containsDriver = AdbUtils.runCommandGetExitCode("test -r " + driver, device) == 0; - } else { - containsDriver = AdbUtils.runCommandGetExitCode("test -e " + driver, device) == 0; - } - } - - MetricsReportLog reportLog = buildMetricsReportLog(getDevice()); - reportLog.addValue("path", driver, ResultType.NEUTRAL, ResultUnit.NONE); - reportLog.addValue("exists", containsDriver, ResultType.NEUTRAL, ResultUnit.NONE); - reportLog.submit(); - - return containsDriver; - } - - protected static MetricsReportLog buildMetricsReportLog(ITestDevice device) { - IBuildInfo buildInfo = getBuildInfo(device); - IAbi abi = getAbi(device); - String testName = getTestName(device); - - StackTraceElement[] stacktraces = Thread.currentThread().getStackTrace(); - int stackDepth = 2; // 0: getStackTrace(), 1: buildMetricsReportLog, 2: caller - String className = stacktraces[stackDepth].getClassName(); - String methodName = stacktraces[stackDepth].getMethodName(); - String classMethodName = String.format("%s#%s", className, methodName); - - // The stream name must be snake_case or else json formatting breaks - String streamName = methodName.replaceAll("(\\p{Upper})", "_$1").toLowerCase(); - - MetricsReportLog reportLog = new MetricsReportLog( - buildInfo, - abi.getName(), - classMethodName, - "CtsSecurityBulletinHostTestCases", - streamName, - true); - reportLog.addValue("test_name", testName, ResultType.NEUTRAL, ResultUnit.NONE); - return reportLog; - } - - private long getDeviceUptime() throws DeviceNotAvailableException { - String uptime = null; - int attempts = 5; - do { - if (attempts-- <= 0) { - throw new RuntimeException("could not get device uptime"); - } - getDevice().waitForDeviceAvailable(); - uptime = getDevice().executeShellCommand("cat /proc/uptime").trim(); - } while (uptime.isEmpty()); - return Long.parseLong(uptime.substring(0, uptime.indexOf('.'))); - } - - public void safeReboot() throws DeviceNotAvailableException { - getDevice().nonBlockingReboot(); - getDevice().waitForDeviceAvailable(); - updateKernelStartTime(); - } - - /** - * Allows a test to pass if called after a planned reboot. - */ - public void updateKernelStartTime() throws DeviceNotAvailableException { - long uptime = getDeviceUptime(); - kernelStartTime = (System.currentTimeMillis() / 1000) - uptime; - } - - /** - * Return true if a module is play managed. - * - * Example of skipping a test based on mainline modules: - * <pre> - * @Test - * public void testPocCVE_1234_5678() throws Exception { - * // This will skip the test if MODULE_METADATA mainline module is play managed. - * assumeFalse(moduleIsPlayManaged("com.google.android.captiveportallogin")); - * // Do testing... - * } - * * </pre> - */ - boolean moduleIsPlayManaged(String modulePackageName) throws Exception { - return mainlineModuleDetector.getPlayManagedModules().contains(modulePackageName); - } - - public void assumeIsSupportedNfcDevice(ITestDevice device) throws Exception { - String supportedDrivers[] = { "/dev/nq-nci*", "/dev/pn54*", "/dev/pn551*", "/dev/pn553*", - "/dev/pn557*", "/dev/pn65*", "/dev/pn66*", "/dev/pn67*", - "/dev/pn80*", "/dev/pn81*", "/dev/sn100*", "/dev/sn220*", - "/dev/st54j*", "/dev/st21nfc*" }; - boolean isDriverFound = false; - for(String supportedDriver : supportedDrivers) { - if(containsDriver(device, supportedDriver, false)) { - isDriverFound = true; - break; - } - } - String[] output = device.executeShellCommand("ls -la /dev | grep nfc").split("\\n"); - String nfcDevice = null; - for (String line : output) { - if(line.contains("nfc")) { - String text[] = line.split("\\s+"); - nfcDevice = text[text.length - 1]; - } - } - assumeTrue("NFC device " + nfcDevice + " is not supported. Hence skipping the test", - isDriverFound); - } -} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java index c4d37b0ecb5..60eae2b2bdc 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java @@ -16,27 +16,25 @@ package android.security.cts; -import com.android.tradefed.device.ITestDevice; -import com.android.tradefed.log.LogUtil.CLog; -import com.android.compatibility.common.util.CrashUtils; +import static org.hamcrest.CoreMatchers.*; +import static org.junit.Assert.*; +import static org.junit.Assume.*; import android.platform.test.annotations.AsbSecurityTest; -import org.junit.Test; -import org.junit.runner.RunWith; + +import com.android.compatibility.common.util.CrashUtils; +import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase; import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; -import static org.junit.Assert.*; -import static org.junit.Assume.*; import junit.framework.Assert; -import java.util.Arrays; -import java.util.ArrayList; -import static org.junit.Assume.*; -import static org.hamcrest.CoreMatchers.*; +import org.junit.Test; +import org.junit.runner.RunWith; -@RunWith(DeviceJUnit4ClassRunner.class) -public class TestMedia extends SecurityTestCase { +import java.util.Arrays; +@RunWith(DeviceJUnit4ClassRunner.class) +public class TestMedia extends NonRootSecurityTestCase { /****************************************************************************** * To prevent merge conflicts, add tests for N below this comment, before any diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/Android.bp b/hostsidetests/securitybulletin/test-apps/BUG-182810085/Android.bp new file mode 100644 index 00000000000..d7af1caff97 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/Android.bp @@ -0,0 +1,31 @@ +// Copyright (C) 2021 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +android_test_helper_app { + name: "BUG-182810085", + defaults: ["cts_support_defaults"], + srcs: ["src/**/*.java"], + test_suites: [ + "cts", + "vts10", + "sts", + ], + static_libs: [ + "androidx.appcompat_appcompat", + "androidx.test.rules", + "androidx.test.uiautomator_uiautomator", + "androidx.test.core", + ], + sdk_version: "current", +} diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/BUG-182810085/AndroidManifest.xml new file mode 100644 index 00000000000..5777c1825ac --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/AndroidManifest.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + --> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.BUG_182810085" + minSdkVersion="29"> + + <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" /> + + <application android:theme="@style/Theme.AppCompat.Light"> + <uses-library android:name="android.test.runner" /> + <service android:name=".OverlayService" + android:enabled="true" + android:exported="false" /> + + <activity + android:name=".MainActivity" + android:label="ST (Permission)" + android:exported="true" + android:taskAffinity="android.security.cts.BUG_182810085.MainActivity"> + + <intent-filter> + <action android:name="android.intent.action.MAIN" /> + <category android:name="android.intent.category.LAUNCHER" /> + </intent-filter> + </activity> + + </application> + + <instrumentation + android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.BUG_182810085" /> + +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/layout/activity_main.xml b/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/layout/activity_main.xml new file mode 100644 index 00000000000..0ac0cf489f4 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/layout/activity_main.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<RelativeLayout + xmlns:android="http://schemas.android.com/apk/res/android" + xmlns:tools="http://schemas.android.com/tools" + android:layout_width="match_parent" + android:layout_height="match_parent" + android:gravity="left" + tools:context=".MainActivity" > + + <LinearLayout + android:id="@+id/linearLayout1" + android:layout_width="fill_parent" + android:layout_height="wrap_content" + android:layout_below="@+id/seekShowTimes" + android:layout_centerHorizontal="true" + android:layout_marginTop="53dp" + android:orientation="horizontal" > + + <Button + android:id="@+id/btnStart" + android:layout_width="wrap_content" + android:layout_height="wrap_content" + android:text="Start" /> + + </LinearLayout> + +</RelativeLayout> diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/values/strings.xml new file mode 100644 index 00000000000..347c9e1dec7 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/values/strings.xml @@ -0,0 +1,19 @@ +<!-- + ~ Copyright (C) 2021 The Android Open Source Project + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<resources> + <string name="tapjacking_text">BUG_182810085 overlay text</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/Constants.java b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/Constants.java new file mode 100644 index 00000000000..d7b940e99eb --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/Constants.java @@ -0,0 +1,25 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.BUG_182810085; + +final class Constants { + + public static final String LOG_TAG = "BUG-182810085"; + public static final String TEST_APP_PACKAGE = Constants.class.getPackage().getName(); + + public static final String ACTION_START_TAPJACKING = "BUG_182810085.start_tapjacking"; +} diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/DeviceTest.java new file mode 100644 index 00000000000..4dbe976cdb0 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/DeviceTest.java @@ -0,0 +1,122 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.BUG_182810085; + +import static android.security.cts.BUG_182810085.Constants.LOG_TAG; + +import org.junit.Before; +import org.junit.After; +import org.junit.Test; +import org.junit.runner.RunWith; + +import android.content.Context; +import android.content.Intent; +import android.content.pm.PackageManager; +import android.util.Log; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; + +import androidx.test.runner.AndroidJUnit4; +import androidx.test.uiautomator.By; +import androidx.test.uiautomator.BySelector; +import androidx.test.uiautomator.UiDevice; +import androidx.test.uiautomator.UiObject2; +import androidx.test.uiautomator.Until; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertNotNull; + +/** Basic sample for unbundled UiAutomator. */ +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + + private static final long WAIT_FOR_UI_TIMEOUT = 20_000; + + private Context mContext; + private UiDevice mDevice; + + @Before + public void setUp() throws Exception { + Log.d(LOG_TAG, "startMainActivityFromHomeScreen()"); + + mContext = getApplicationContext(); + + // If the permission is not granted, the app will not be able to show an overlay dialog. + // This is required for the test below. + // NOTE: The permission is granted by the HostJUnit4Test implementation and should not fail. + assertEquals("Permission SYSTEM_ALERT_WINDOW not granted!", + mContext.checkSelfPermission("android.permission.SYSTEM_ALERT_WINDOW"), + PackageManager.PERMISSION_GRANTED); + + // Initialize UiDevice instance + mDevice = UiDevice.getInstance(getInstrumentation()); + if (!mDevice.isScreenOn()) { + mDevice.wakeUp(); + } + mDevice.pressHome(); + } + + @Test + public void testTapjacking() throws InterruptedException { + Log.d(LOG_TAG, "Starting tap-jacking test"); + + launchTestApp(); + + launchTapjackedActivity(); + + mContext.sendBroadcast(new Intent(Constants.ACTION_START_TAPJACKING)); + Log.d(LOG_TAG, "Sent intent to start tap-jacking!"); + + UiObject2 overlay = waitForView(By.text(mContext.getString(R.string.tapjacking_text))); + assertNull("Tap-jacking successful. Overlay was displayed.!", overlay); + } + + @After + public void tearDown() { + mDevice.pressHome(); + } + + private void launchTestApp() { + Intent intent = mContext.getPackageManager().getLaunchIntentForPackage( + Constants.TEST_APP_PACKAGE); + intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK); + mContext.startActivity(intent); + + // Wait for the app to appear + UiObject2 view = waitForView(By.pkg(Constants.TEST_APP_PACKAGE).depth(0)); + assertNotNull("test-app did not appear!", view); + Log.d(LOG_TAG, "test-app appeared"); + } + + private void launchTapjackedActivity() { + Intent intent = new Intent(); + intent.setAction("android.settings.BLUETOOTH_SETTINGS"); + intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NEW_TASK); + mContext.startActivity(intent); + + UiObject2 activityInstance = waitForView(By.pkg("com.android.car.settings").depth(0)); + assertNotNull("Activity under-test was not launched or found!", activityInstance); + + Log.d(LOG_TAG, "Started Activity under-test."); + } + + private UiObject2 waitForView(BySelector selector) { + return mDevice.wait(Until.findObject(selector), WAIT_FOR_UI_TIMEOUT); + } +} diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/MainActivity.java b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/MainActivity.java new file mode 100644 index 00000000000..b31e83bddcb --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/MainActivity.java @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package android.security.cts.BUG_182810085; + +import static android.security.cts.BUG_182810085.Constants.LOG_TAG; + +import android.app.AlertDialog; +import android.content.BroadcastReceiver; +import android.content.Context; +import android.content.Intent; +import android.content.IntentFilter; +import android.os.Bundle; +import android.os.Handler; +import android.os.Looper; +import android.util.Log; +import android.view.Gravity; +import android.view.WindowManager.LayoutParams; +import android.widget.Button; +import android.widget.ImageView; +import android.widget.SeekBar; +import android.widget.Toast; + +import androidx.annotation.Nullable; +import androidx.appcompat.app.AppCompatActivity; + +import java.util.ArrayList; + +/** Main activity for the test-app. */ +public final class MainActivity extends AppCompatActivity { + + private final BroadcastReceiver mReceiver = new BroadcastReceiver() { + public void onReceive(Context context, Intent intent) { + startTapjacking(); + } + }; + + private Button btnStart; + + @Override + protected void onCreate(Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + setContentView(R.layout.activity_main); + + registerReceiver(mReceiver, new IntentFilter(Constants.ACTION_START_TAPJACKING)); + + btnStart = (Button) findViewById(R.id.btnStart); + btnStart.setOnClickListener(v -> startTapjacking()); + } + + @Override + protected void onDestroy() { + super.onDestroy(); + unregisterReceiver(mReceiver); + stopOverlayService(); + } + + public void startTapjacking() { + Log.d(LOG_TAG, "Starting tap-jacking flow."); + stopOverlayService(); + + startOverlayService(); + Log.d(LOG_TAG, "Started overlay-service."); + } + + private void startOverlayService() { + startService(new Intent(getApplicationContext(), OverlayService.class)); + } + + private void stopOverlayService() { + stopService(new Intent(getApplicationContext(), OverlayService.class)); + } +} diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/OverlayService.java b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/OverlayService.java new file mode 100644 index 00000000000..0c62a80ca46 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/OverlayService.java @@ -0,0 +1,95 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.BUG_182810085; + +import android.app.Service; +import android.content.Intent; +import android.content.res.Resources; +import android.graphics.PixelFormat; +import android.os.Handler; +import android.os.IBinder; +import android.os.Looper; +import android.provider.Settings; +import android.util.DisplayMetrics; +import android.util.Log; +import android.view.Gravity; +import android.view.WindowManager; +import android.widget.Button; + +/** Service that starts the overlay for the test. */ +public final class OverlayService extends Service { + public Button mButton; + private WindowManager mWindowManager; + private WindowManager.LayoutParams mLayoutParams; + + @Override + public void onCreate() { + Log.d(Constants.LOG_TAG, "onCreate() called"); + super.onCreate(); + + DisplayMetrics displayMetrics = Resources.getSystem().getDisplayMetrics(); + int scaledWidth = (int) (displayMetrics.widthPixels * 0.9); + int scaledHeight = (int) (displayMetrics.heightPixels * 0.9); + + mWindowManager = getSystemService(WindowManager.class); + mLayoutParams = new WindowManager.LayoutParams(); + mLayoutParams.type = WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY; + mLayoutParams.flags = WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL + | WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE; + mLayoutParams.format = PixelFormat.OPAQUE; + mLayoutParams.gravity = Gravity.CENTER; + mLayoutParams.width = scaledWidth; + mLayoutParams.height = scaledHeight; + mLayoutParams.x = scaledWidth / 2; + mLayoutParams.y = scaledHeight / 2; + } + + @Override + public IBinder onBind(Intent intent) { + return null; + } + + @Override + public int onStartCommand(Intent intent, int flags, int startId) { + Log.d(Constants.LOG_TAG, "onStartCommand() called"); + showFloatingWindow(); + return super.onStartCommand(intent, flags, startId); + } + + @Override + public void onDestroy() { + Log.d(Constants.LOG_TAG, "onDestroy() called"); + if (mWindowManager != null && mButton != null) { + mWindowManager.removeView(mButton); + } + super.onDestroy(); + } + + private void showFloatingWindow() { + if (!Settings.canDrawOverlays(this)) { + Log.w(Constants.LOG_TAG, "Cannot show overlay window. Permission denied"); + } + + mButton = new Button(getApplicationContext()); + mButton.setText(getResources().getString(R.string.tapjacking_text)); + mButton.setTag(mButton.getVisibility()); + mWindowManager.addView(mButton, mLayoutParams); + + new Handler(Looper.myLooper()).postDelayed(this::stopSelf, 60_000); + Log.d(Constants.LOG_TAG, "Floating window created"); + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/Android.bp new file mode 100644 index 00000000000..f07b5cc421e --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/Android.bp @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2021-0441", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.core", + "androidx.test.rules", + "androidx.test.uiautomator_uiautomator", + ], + sdk_version: "current", +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/AndroidManifest.xml new file mode 100644 index 00000000000..66451bd556b --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/AndroidManifest.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.CVE_2021_0441" + android:versionCode="1" + android:versionName="1.0"> + <application + android:allowBackup="true" + android:label="@string/app_name" + android:supportsRtl="true"> + <activity android:name=".PocActivity" android:exported="true"> + <intent-filter> + <action android:name="android.intent.action.MAIN" /> + <category android:name="android.intent.category.LAUNCHER" /> + </intent-filter> + </activity> + </application> + <instrumentation + android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2021_0441" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/layout/activity_main.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/layout/activity_main.xml new file mode 100644 index 00000000000..7460b96ae6b --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/layout/activity_main.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<LinearLayout + xmlns:android="http://schemas.android.com/apk/res/android" + android:orientation="vertical" + android:layout_width="match_parent" + android:layout_height="match_parent"> + <View + android:id="@+id/drawableview" + android:layout_width="match_parent" + android:layout_height="300dp" /> +</LinearLayout> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/integers.xml new file mode 100644 index 00000000000..3496d8a778f --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/integers.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + --> + +<resources> + <integer name="pictures">200</integer> + <integer name="request_code">1</integer> + <integer name="wait_time_ms">10000</integer> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/strings.xml new file mode 100644 index 00000000000..9d8dd1b4319 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/strings.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<resources> + <string name="app_name"> + CVE-2021-0441 + </string> + <string name="ui_id_alert"> + android:id/alertTitle + </string> + <string name="ui_id_message"> + android:id/message + </string> + <string name="path"> + content://media/external_primary/images/media/ + </string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/DeviceTest.java new file mode 100644 index 00000000000..1d9c47b7acf --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/DeviceTest.java @@ -0,0 +1,101 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_0441; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; +import static org.junit.Assume.assumeFalse; +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; +import static org.junit.Assert.fail; + +import android.content.Context; +import android.content.Intent; +import android.content.pm.PackageManager; + +import androidx.annotation.IntegerRes; +import androidx.test.runner.AndroidJUnit4; +import androidx.test.uiautomator.By; +import androidx.test.uiautomator.BySelector; +import androidx.test.uiautomator.UiDevice; +import androidx.test.uiautomator.UiObject2; +import androidx.test.uiautomator.Until; + +import java.util.List; +import java.util.regex.Pattern; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + Context mAppContext; + + int getInteger(@IntegerRes int resId) { + return mAppContext.getResources().getInteger(resId); + } + + String getString(@IntegerRes int resId) { + return mAppContext.getResources().getString(resId); + } + + @Test + public void testCVE_2021_0441() { + try { + UiDevice device = UiDevice.getInstance(getInstrumentation()); + mAppContext = getApplicationContext(); + PackageManager packageManager = mAppContext.getPackageManager(); + String packageName = mAppContext.getPackageName(); + final Intent intent = packageManager.getLaunchIntentForPackage(packageName); + intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK); + mAppContext.startActivity(intent); + + // Selecting all visible objects with res-id: android:id/alertTitle + Pattern patternAlert = Pattern.compile(getString(R.string.ui_id_alert)); + BySelector selectorAlert = By.res(patternAlert); + + // Selecting all visible objects with res-id: android:id/message + Pattern patternMessage = Pattern.compile(getString(R.string.ui_id_message)); + BySelector selectorMessage = By.res(patternMessage); + + boolean isAlertTitleVisible = + device.wait(Until.hasObject(selectorAlert), getInteger(R.integer.wait_time_ms)); + boolean isMessageVisible = device.wait(Until.hasObject(selectorMessage), + getInteger(R.integer.wait_time_ms)); + assumeTrue(isAlertTitleVisible || isMessageVisible); + + List<UiObject2> objectsAlertTitle = device.findObjects(selectorAlert); + List<UiObject2> objectsMessage = device.findObjects(selectorMessage); + assumeFalse(objectsAlertTitle.isEmpty() && objectsMessage.isEmpty()); + + if (!objectsAlertTitle.isEmpty() && objectsMessage.isEmpty()) { + for (UiObject2 obj : objectsAlertTitle) { + String text = obj.getText(); + if (text == null) { + continue; + } + if (text.contains(getString(R.string.app_name)) + && text.contains(Integer.toString(getInteger(R.integer.pictures)))) { + fail("Vulnerable to b/174495520 !!"); + } + } + } + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/PocActivity.java new file mode 100644 index 00000000000..7c8b8fe71f9 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/PocActivity.java @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_0441; + +import android.app.Activity; +import android.app.PendingIntent; +import android.content.IntentSender; +import android.net.Uri; +import android.os.Bundle; +import android.provider.MediaStore; + +import java.util.ArrayList; +import java.util.List; + +public class PocActivity extends Activity { + + @Override + protected void onCreate(Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + setContentView(R.layout.activity_main); + requestDeletePermission(getUriList(getResources().getInteger(R.integer.pictures))); + } + + ArrayList<Uri> getUriList(int capacity) { + ArrayList<Uri> list = new ArrayList<Uri>(); + for (int i = 0; i < capacity; ++i) { + Uri uri = Uri.parse(getString(R.string.path) + i); + list.add(uri); + } + return list; + } + + private void requestDeletePermission(List<Uri> uriList) { + PendingIntent pi = MediaStore.createDeleteRequest(getContentResolver(), uriList); + try { + startIntentSenderForResult(pi.getIntentSender(), + getResources().getInteger(R.integer.request_code), null, 0, 0, 0); + } catch (IntentSender.SendIntentException e) { + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/Android.bp index aa9f71f574b..59350cf546f 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/Android.bp +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/Android.bp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2021 The Android Open Source Project + * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,10 +18,10 @@ android_test_helper_app { name: "CVE-2021-0954", defaults: ["cts_support_defaults"], - srcs: ["src/**/*.java"], + srcs: [ + "src/**/*.java" + ], test_suites: [ - "cts", - "vts10", "sts", ], static_libs: [ diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/AndroidManifest.xml index a7e0218c422..75299c4ddfe 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/AndroidManifest.xml +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/AndroidManifest.xml @@ -1,5 +1,5 @@ <!-- - Copyright 2021 The Android Open Source Project + Copyright 2022 The Android Open Source Project Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -13,25 +13,19 @@ See the License for the specific language governing permissions and limitations under the License. --> + <manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" - package="android.security.cts.cve_2021_0954" + package="android.security.cts.CVE_2021_0954" android:versionCode="1" android:versionName="1.0"> - <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" /> - - <application - android:allowBackup="true" - android:label="CVE_2021_0954" - android:supportsRtl="true"> - <uses-library android:name="android.test.runner" /> + <application> <service android:name=".PocService" android:enabled="true" - android:exported="false" /> + android:exported="true" /> </application> - <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner" - android:targetPackage="android.security.cts.cve_2021_0954" /> + android:targetPackage="android.security.cts.CVE_2021_0954" /> </manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/integers.xml new file mode 100644 index 00000000000..363df0001d7 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/integers.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <integer name="assumptionFailure">-1</integer> + <integer name="noAssumptionFailure">0</integer> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/strings.xml new file mode 100644 index 00000000000..7c4d959b70f --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/strings.xml @@ -0,0 +1,38 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright (C) 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<resources> + <string name="canNotDrawOverlaysMsg">The application cannot draw overlays</string> + <string name="defaultSemaphoreMsg">Could not get message key in shared preferences</string> + <string name="cmdDumpsysActivity">dumpsys activity %1$s</string> + <string name="empty"></string> + <string name="overlayErrorMessage">Device is vulnerable to b/143559931 hence any app with + "SYSTEM_ALERT_WINDOW can overlay the %1$s screen</string> + <string name="mResumedTrue">mResumed=true</string> + <string name="messageKey">message</string> + <string name="overlayButtonText">OverlayButton</string> + <string name="overlayUiScreenError">Overlay UI did not appear on the screen</string> + <string name="resultKey">result</string> + <string name="sharedPreferences">CVE_2021_0954_prefs</string> + <string name="timedOutPocActivity">Timed out waiting on a result from PocActivity</string> + <string name="vulClass">com.android.internal.app.ResolverActivity</string> + <string name="vulClassAuto">com.android.car.activityresolver.CarResolverActivity</string> + <string name="vulPkg">android</string> + <string name="vulPkgAuto">com.android.car.activityresolver</string> + <string name="vulActivityNotRunningError">The %1$s is not currently running on the device + </string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java index f98690625e9..9a94ef953c1 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2021 The Android Open Source Project + * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,17 +14,20 @@ * limitations under the License. */ -package android.security.cts.cve_2021_0954; +package android.security.cts.CVE_2021_0954; import static androidx.test.core.app.ApplicationProvider.getApplicationContext; import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; + +import static org.junit.Assert.assertTrue; import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; -import android.content.ActivityNotFoundException; import android.content.Context; import android.content.Intent; +import android.content.SharedPreferences; +import android.content.SharedPreferences.OnSharedPreferenceChangeListener; +import android.content.pm.PackageManager; import android.provider.Settings; import androidx.test.runner.AndroidJUnit4; @@ -32,90 +35,107 @@ import androidx.test.uiautomator.By; import androidx.test.uiautomator.UiDevice; import androidx.test.uiautomator.Until; -import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import java.io.IOException; +import java.util.concurrent.Semaphore; +import java.util.concurrent.TimeUnit; import java.util.regex.Pattern; @RunWith(AndroidJUnit4.class) public class DeviceTest { - private static final String TEST_PKG = "android.security.cts.cve_2021_0954"; - private static final String TEST_VULNERABLE_PKG = "android"; - private static final String TEST_VULNERABLE_ACTIVITY = - "com.android.internal.app.ResolverActivity"; - private static final int LAUNCH_TIMEOUT_MS = 20000; - private static final String vulnerableActivityName = "ResolverActivity"; - private UiDevice mDevice; - String activityDump = ""; - - private void startOverlayService() { - Context context = getApplicationContext(); - assertNotNull(context); - Intent intent = new Intent(context, PocService.class); - assertNotNull(intent); - - if (Settings.canDrawOverlays(getApplicationContext())) { - context.startService(intent); - } else { - try { - context.startService(intent); - } catch (Exception e) { - throw new RuntimeException("Unable to start the overlay service", e); - } - } + private Context mContext = getApplicationContext(); + private static final int TIMEOUT_MS = 10000; + + private boolean hasFeature(String feature) { + return mContext.getPackageManager().hasSystemFeature(feature); } - public void startVulnerableActivity() { - Context context = getApplicationContext(); - Intent intent = new Intent(); - intent.setClassName(TEST_VULNERABLE_PKG, TEST_VULNERABLE_ACTIVITY); - intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); - try { - context.startActivity(intent); - } catch (ActivityNotFoundException e) { - assumeNoException("Activity not found on device", e); - } + private boolean isAuto() { + return hasFeature(PackageManager.FEATURE_AUTOMOTIVE); } - @Before - public void setUp() throws Exception { - mDevice = UiDevice.getInstance(getInstrumentation()); + String getStringRes(int key) { + return mContext.getResources().getString(key); + } - /* Start the vulnerable activity */ - startVulnerableActivity(); - if (!mDevice.wait(Until.hasObject(By.res("android:id/contentPanel") - .clazz("android.widget.ScrollView").pkg("android")), LAUNCH_TIMEOUT_MS)) { - return; - } + String getStringResWithArg(int key, String arg) { + return mContext.getResources().getString(key, arg); + } - /* Start the overlay service */ - startOverlayService(); + int getIntegerRes(int key) { + return mContext.getResources().getInteger(key); } @Test - public void testVulnerableActivityPresence() { - Pattern overlayTextPattern = Pattern.compile("OverlayButton", Pattern.CASE_INSENSITIVE); - if (!mDevice.wait(Until.hasObject(By.text(overlayTextPattern)), LAUNCH_TIMEOUT_MS)) { - return; - } - - /* - * Check if the currently running activity is the vulnerable activity, if not abort the test - */ + public void testOverlayButtonPresence() { try { - activityDump = mDevice.executeShellCommand("dumpsys activity"); - } catch (IOException e) { - throw new RuntimeException("Could not execute dumpsys activity command"); - } - Pattern activityPattern = - Pattern.compile("mResumedActivity.*" + vulnerableActivityName + ".*\n"); - if (!activityPattern.matcher(activityDump).find()) { - return; + UiDevice device = UiDevice.getInstance(getInstrumentation()); + + /* Start the overlay service */ + assumeTrue(getStringRes(R.string.canNotDrawOverlaysMsg), + Settings.canDrawOverlays(mContext)); + Intent intent = new Intent(mContext, PocService.class); + mContext.startService(intent); + + /* Wait for a result from overlay service */ + SharedPreferences sharedPrefs = mContext.getSharedPreferences( + getStringRes(R.string.sharedPreferences), Context.MODE_PRIVATE); + final Semaphore preferenceChanged = new Semaphore(0); + OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() { + @Override + public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, + String key) { + if (key.equals(getStringRes(R.string.resultKey))) { + preferenceChanged.release(); + } + } + }; + sharedPrefs.registerOnSharedPreferenceChangeListener(listener); + assumeTrue(preferenceChanged.tryAcquire(TIMEOUT_MS, TimeUnit.MILLISECONDS)); + int result = sharedPrefs.getInt(getStringRes(R.string.resultKey), + getIntegerRes(R.integer.assumptionFailure)); + String message = sharedPrefs.getString(getStringRes(R.string.messageKey), + getStringRes(R.string.defaultSemaphoreMsg)); + assumeTrue(message, result != getIntegerRes(R.integer.assumptionFailure)); + + /* Wait for the UI of overlay window to appear */ + Pattern overlayTextPattern = Pattern.compile( + mContext.getString(R.string.overlayButtonText), Pattern.CASE_INSENSITIVE); + assumeTrue(mContext.getString(R.string.overlayUiScreenError), + device.wait(Until.hasObject(By.text(overlayTextPattern)), TIMEOUT_MS)); + + /* Start the vulnerable activity */ + intent = new Intent(); + String vulActivity = getStringRes(R.string.vulClass); + String vulPkg = getStringRes(R.string.vulPkg); + if (isAuto()) { + vulActivity = getStringRes(R.string.vulClassAuto); + vulPkg = getStringRes(R.string.vulPkgAuto); + } + intent.setClassName(vulPkg, vulActivity); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + mContext.startActivity(intent); + + /* Wait until the object of overlay window is gone */ + boolean overlayDisallowed = + device.wait(Until.gone(By.pkg(mContext.getPackageName())), TIMEOUT_MS); + + /* + * Check if the currently running activity is the vulnerable activity, if not abort the + * test + */ + String activityDump = device.executeShellCommand( + getStringResWithArg(R.string.cmdDumpsysActivity, vulActivity)); + Pattern activityPattern = Pattern.compile(getStringRes(R.string.mResumedTrue)); + assumeTrue(getStringRes(R.string.vulActivityNotRunningError), + activityPattern.matcher(activityDump).find()); + + /* Failing the test as fix is not present */ + assertTrue(getStringResWithArg(R.string.overlayErrorMessage, vulActivity), + overlayDisallowed); + } catch (Exception e) { + assumeNoException(e); } - String message = "Device is vulnerable to b/143559931 hence any app with " - + "SYSTEM_ALERT_WINDOW can overlay the ResolverActivity screen"; - assertNull(message, mDevice.findObject(By.text(overlayTextPattern))); } } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/PocService.java index 82b78a2beba..79270baa65e 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/PocService.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/PocService.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2021 The Android Open Source Project + * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,47 +14,65 @@ * limitations under the License. */ -package android.security.cts.cve_2021_0954; +package android.security.cts.CVE_2021_0954; import android.app.Service; +import android.content.Context; import android.content.Intent; +import android.content.SharedPreferences; import android.content.res.Resources; import android.graphics.PixelFormat; -import android.os.Handler; import android.os.IBinder; -import android.provider.Settings; import android.view.Gravity; import android.view.WindowManager; import android.view.WindowManager.LayoutParams; import android.widget.Button; public class PocService extends Service { - public static Button mButton; - private WindowManager mWindowManager; - private WindowManager.LayoutParams mLayoutParams; + Button mButton; + WindowManager mWindowManager; - private static int getScreenWidth() { + private int getScreenWidth() { return Resources.getSystem().getDisplayMetrics().widthPixels; } - private static int getScreenHeight() { + private int getScreenHeight() { return Resources.getSystem().getDisplayMetrics().heightPixels; } + String getStringRes(int key) { + return getResources().getString(key); + } + + int getIntegerRes(int key) { + return getResources().getInteger(key); + } + @Override public void onCreate() { - super.onCreate(); - mWindowManager = getSystemService(WindowManager.class); - mLayoutParams = new WindowManager.LayoutParams(); - mLayoutParams.type = WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY; - mLayoutParams.flags = WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL - | WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE; - mLayoutParams.format = PixelFormat.OPAQUE; - mLayoutParams.gravity = Gravity.LEFT | Gravity.TOP; - mLayoutParams.width = getScreenWidth(); - mLayoutParams.height = getScreenHeight(); - mLayoutParams.x = getScreenWidth() / 2; - mLayoutParams.y = getScreenHeight() / 2; + try { + super.onCreate(); + mWindowManager = getSystemService(WindowManager.class); + LayoutParams layoutParams = new LayoutParams(); + layoutParams.type = LayoutParams.TYPE_APPLICATION_OVERLAY; + layoutParams.flags = + LayoutParams.FLAG_NOT_TOUCH_MODAL | LayoutParams.FLAG_NOT_FOCUSABLE; + layoutParams.format = PixelFormat.OPAQUE; + layoutParams.gravity = Gravity.LEFT | Gravity.TOP; + layoutParams.width = getScreenWidth(); + layoutParams.height = getScreenHeight(); + layoutParams.x = getScreenWidth() / 2; + layoutParams.y = getScreenHeight() / 2; + + /* Show the floating window */ + mButton = new Button(this); + mButton.setText(getString(R.string.overlayButtonText)); + mWindowManager.addView(mButton, layoutParams); + } catch (Exception e) { + sendTestResult(getIntegerRes(R.integer.assumptionFailure), e.getMessage()); + return; + } + sendTestResult(getIntegerRes(R.integer.noAssumptionFailure), getStringRes(R.string.empty)); } @Override @@ -63,31 +81,27 @@ public class PocService extends Service { } @Override - public int onStartCommand(Intent intent, int flags, int startId) { - showFloatingWindow(); - return super.onStartCommand(intent, flags, startId); - } - - @Override public void onDestroy() { - if (mWindowManager != null && mButton != null) { - mWindowManager.removeView(mButton); + try { + if (mWindowManager != null && mButton != null) { + mWindowManager.removeView(mButton); + } + super.onDestroy(); + } catch (Exception e) { + sendTestResult(getIntegerRes(R.integer.assumptionFailure), e.getMessage()); } - super.onDestroy(); } - private void showFloatingWindow() { - if (Settings.canDrawOverlays(this)) { - mButton = new Button(getApplicationContext()); - mButton.setText("OverlayButton"); - mWindowManager.addView(mButton, mLayoutParams); - new Handler().postDelayed(new Runnable() { - @Override - public void run() { - onDestroy(); - } - }, 60000); // one minute - mButton.setTag(mButton.getVisibility()); + private void sendTestResult(int result, String message) { + try { + SharedPreferences sh = getSharedPreferences(getStringRes(R.string.sharedPreferences), + Context.MODE_PRIVATE); + SharedPreferences.Editor edit = sh.edit(); + edit.putInt(getStringRes(R.string.resultKey), result); + edit.putString(getStringRes(R.string.messageKey), message); + edit.commit(); + } catch (Exception e) { + // ignore the exception } } } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/Android.bp index d3e2302d280..2f87b9cdf31 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/Android.bp +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/Android.bp @@ -30,10 +30,10 @@ android_test_helper_app { test_suites: [ "sts", ], - sdk_version: "current", static_libs: [ "androidx.test.core", "androidx.test.rules", "androidx.test.uiautomator_uiautomator", ], + platform_apis: true, } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/AndroidManifest.xml index f0978251006..74e263c53d4 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/AndroidManifest.xml +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/AndroidManifest.xml @@ -22,12 +22,8 @@ <uses-permission android:name="android.permission.BLUETOOTH"/> <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/> <uses-permission android:name="android.permission.BLUETOOTH_SCAN"/> - <application - android:testOnly="true" - android:label="CVE-2021-39626" - android:supportsRtl="true"> - <activity - android:name=".PocActivity" + <application> + <activity android:name=".PocActivity" android:exported="true"> <intent-filter> <action android:name="android.intent.action.MAIN" /> @@ -35,7 +31,6 @@ </intent-filter> </activity> </application> - <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner" android:targetPackage="android.security.cts.CVE_2021_39626" /> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/integers.xml new file mode 100644 index 00000000000..d5ae7443184 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/integers.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <integer name="assumptionFailure">-1</integer> + <integer name="pass">0</integer> + <integer name="enabled">1</integer> + <integer name="disabled">2</integer> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/strings.xml new file mode 100644 index 00000000000..e6f53e7ccc7 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/strings.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <string name="allowButtonResName">android:id/button1</string> + <string name="btAction">btAction</string> + <string name="className">.Settings$ConnectedDeviceDashboardActivity</string> + <string name="defaultSemaphoreMsg">Could not get message key in shared preferences</string> + <string name="defaultSettingsPkg">com.android.settings</string> + <string name="failMessage">Vulnerable to b/194695497 !!</string> + <string name="messageKey">message</string> + <string name="resultKey">result</string> + <string name="sharedPreferences">CVE_2021_39626_prefs</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/DeviceTest.java index cd245400fc9..6bb8d166080 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/DeviceTest.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/DeviceTest.java @@ -18,14 +18,15 @@ package android.security.cts.CVE_2021_39626; import static org.junit.Assert.assertFalse; import static org.junit.Assume.assumeNoException; -import static org.junit.Assume.assumeNotNull; import static org.junit.Assume.assumeTrue; import android.bluetooth.BluetoothAdapter; import android.content.ComponentName; import android.content.Context; import android.content.Intent; -import android.content.pm.PackageManager; +import android.content.SharedPreferences; +import android.content.SharedPreferences.OnSharedPreferenceChangeListener; +import android.content.res.Resources; import android.provider.Settings; import androidx.test.InstrumentationRegistry; @@ -34,69 +35,121 @@ import androidx.test.uiautomator.By; import androidx.test.uiautomator.UiDevice; import androidx.test.uiautomator.Until; +import org.junit.After; import org.junit.Test; import org.junit.runner.RunWith; +import java.util.concurrent.Semaphore; +import java.util.concurrent.TimeUnit; + @RunWith(AndroidJUnit4.class) public class DeviceTest { - private static final int TIMEOUT = 5000; - private static Context context; + static final int TIMEOUT = 10000; + boolean mBtState = false; + BluetoothAdapter mBtAdapter; + Context mContext; + OnSharedPreferenceChangeListener mListener; + Resources mResources; + SharedPreferences mSharedPrefs; + Semaphore mPreferenceChanged; + UiDevice mDevice; - private static String getSettingsPkgName() { + private String getSettingsPkgName() { Intent settingsIntent = new Intent(Settings.ACTION_SETTINGS); ComponentName settingsComponent = - settingsIntent.resolveActivity(context.getPackageManager()); + settingsIntent.resolveActivity(mContext.getPackageManager()); String pkgName = settingsComponent != null ? settingsComponent.getPackageName() - : "com.android.settings"; - assumeNotNull(pkgName); + : mContext.getString(R.string.defaultSettingsPkg); return pkgName; } - private void openApplication(String applicationName) { - Intent intent = context.getPackageManager().getLaunchIntentForPackage(applicationName); - assumeNotNull(intent); - intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK); + @After + public void tearDown() { try { - context.startActivity(intent); + // Disable bluetooth if it was OFF before the test + if (!mBtState) { + Intent intent = new Intent(mContext, PocActivity.class); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + intent.putExtra(mContext.getString(R.string.btAction), + BluetoothAdapter.ACTION_REQUEST_DISABLE); + mContext.startActivity(intent); + } + mPreferenceChanged = new Semaphore(0); + mPreferenceChanged.tryAcquire(TIMEOUT, TimeUnit.MILLISECONDS); + int result = mSharedPrefs.getInt(mResources.getString(R.string.resultKey), + mResources.getInteger(R.integer.assumptionFailure)); + String message = mSharedPrefs.getString(mResources.getString(R.string.messageKey), + mResources.getString(R.string.defaultSemaphoreMsg)); + + // Go to home screen + mDevice.pressHome(); } catch (Exception e) { - assumeNoException(e); + // ignore the exception } } @Test public void testBtDiscoverable() { - // Initialize UiDevice instance - UiDevice device = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation()); - context = InstrumentationRegistry.getInstrumentation().getContext(); - BluetoothAdapter btAdapter = BluetoothAdapter.getDefaultAdapter(); - assumeNotNull(btAdapter); - - // Save the state of bluetooth adapter to reset after the test - boolean btState = btAdapter.isEnabled(); - if (!btState) { - // If bluetooth is disabled, enable it and wait for adapter startup to complete - assumeTrue(btAdapter.enable()); - try { - Thread.sleep(TIMEOUT); - } catch (Exception e) { - assumeNoException(e); - } - } - assumeTrue(btAdapter.isEnabled()); + try { + // Initialize UiDevice instance + mDevice = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation()); + mContext = InstrumentationRegistry.getInstrumentation().getContext(); + mBtAdapter = BluetoothAdapter.getDefaultAdapter(); - // Launch the PoC application and ensure that it launches bluetooth settings - openApplication(context.getPackageName()); - assumeTrue(device.wait(Until.hasObject(By.pkg(getSettingsPkgName())), TIMEOUT)); + // Save the state of bluetooth adapter to reset after the test + mBtState = mBtAdapter.isEnabled(); - boolean isBtDiscoverable = - (btAdapter.getScanMode() == btAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE); + // If bluetooth is disabled, enable it and wait for start activity to complete + Intent intent = new Intent(mContext, PocActivity.class); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + intent.putExtra(mContext.getString(R.string.btAction), + BluetoothAdapter.ACTION_REQUEST_ENABLE); + mContext.startActivity(intent); + mResources = mContext.getResources(); - // Disable bluetooth if it was OFF before the test - if (!btState) { - btAdapter.disable(); - } + mSharedPrefs = mContext.getSharedPreferences( + mResources.getString(R.string.sharedPreferences), Context.MODE_APPEND); + mPreferenceChanged = new Semaphore(0); + mListener = new OnSharedPreferenceChangeListener() { + @Override + public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, + String key) { + if (key.equals(mResources.getString(R.string.resultKey))) { + mPreferenceChanged.release(); + } + } + }; + mSharedPrefs.registerOnSharedPreferenceChangeListener(mListener); + mPreferenceChanged.tryAcquire(TIMEOUT, TimeUnit.MILLISECONDS); - // The test fails if bluetooth is made discoverable through PoC - assertFalse("Vulnerable to b/194695497 !!", isBtDiscoverable); + int result = mSharedPrefs.getInt(mResources.getString(R.string.resultKey), + mResources.getInteger(R.integer.assumptionFailure)); + String message = mSharedPrefs.getString(mResources.getString(R.string.messageKey), + mResources.getString(R.string.defaultSemaphoreMsg)); + assumeTrue(message, result != mResources.getInteger(R.integer.assumptionFailure)); + + // Checking if bluetooth is enabled. The test requires bluetooth to be enabled, + // assumption failing the test if it's not enabled + assumeTrue(mBtAdapter.isEnabled()); + + // Launch bluetooth settings which is supposed to set scan mode to + // SCAN_MODE_CONNECTABLE_DISCOVERABLE if vulnerability is active + intent = new Intent(); + intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + String settingsPkg = getSettingsPkgName(); + intent.setClassName(settingsPkg, settingsPkg + mContext.getString(R.string.className)); + mContext.startActivity(intent); + + assumeTrue(mDevice.wait(Until.hasObject(By.pkg(settingsPkg)), TIMEOUT)); + + boolean isBtDiscoverable = false; + isBtDiscoverable = + (mBtAdapter.getScanMode() == mBtAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE); + + // The test fails if bluetooth is made discoverable through PoC + assertFalse(mContext.getString(R.string.failMessage), isBtDiscoverable); + } catch (Exception e) { + assumeNoException(e); + } } } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/PocActivity.java index d4425ff0eb3..9a43cd19f31 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/PocActivity.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/PocActivity.java @@ -16,24 +16,88 @@ package android.security.cts.CVE_2021_39626; -import static org.junit.Assume.assumeNoException; - import android.app.Activity; +import android.bluetooth.BluetoothAdapter; +import android.bluetooth.BluetoothManager; +import android.content.Context; import android.content.Intent; +import android.content.SharedPreferences; import android.os.Bundle; -import android.provider.Settings; + +import androidx.annotation.IntegerRes; +import androidx.test.InstrumentationRegistry; +import androidx.test.uiautomator.By; +import androidx.test.uiautomator.UiDevice; +import androidx.test.uiautomator.UiObject2; +import androidx.test.uiautomator.Until; public class PocActivity extends Activity { + private static final int TIMEOUT = 5000; + private static final int REQUEST_ENABLE_BT = 1; + private static final int REQUEST_DISABLE_BT = 2; + + int getInteger(@IntegerRes int resId) { + return getResources().getInteger(resId); + } @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); - Intent intent = new Intent(); - intent.setAction(Settings.ACTION_BLUETOOTH_SETTINGS); try { - startActivity(intent); + String action = getIntent().getStringExtra(getString(R.string.btAction)); + UiDevice device = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation()); + BluetoothManager bluetoothManager = getSystemService(BluetoothManager.class); + BluetoothAdapter bluetoothAdapter = bluetoothManager.getAdapter(); + int code = REQUEST_ENABLE_BT; + if (action.equals(BluetoothAdapter.ACTION_REQUEST_DISABLE)) { + code = REQUEST_DISABLE_BT; + } + + if ((action.equals(BluetoothAdapter.ACTION_REQUEST_ENABLE) + && !bluetoothAdapter.isEnabled()) + || (action.equals(BluetoothAdapter.ACTION_REQUEST_DISABLE) + && bluetoothAdapter.isEnabled())) { + Intent enableBtIntent = new Intent(action); + startActivityForResult(enableBtIntent, code); + + // Wait for the activity to appear and the allow button + device.wait(Until.hasObject(By.res(getString(R.string.allowButtonResName))), + TIMEOUT); + + // Click on the allow button + UiObject2 object = + device.findObject(By.res(getString(R.string.allowButtonResName))); + object.click(); + } else { + sendTestResult(getInteger(R.integer.pass), ""); + finish(); + return; + } } catch (Exception e) { - assumeNoException(e); + sendTestResult(getInteger(R.integer.assumptionFailure), e.getMessage()); + return; + } + } + + @Override + protected void onActivityResult(int requestCode, int resultCode, Intent data) { + if (requestCode == REQUEST_ENABLE_BT && resultCode == Activity.RESULT_OK) { + finish(); + sendTestResult(getInteger(R.integer.enabled), ""); + } else if (requestCode == REQUEST_DISABLE_BT && resultCode == Activity.RESULT_OK) { + finish(); + sendTestResult(getInteger(R.integer.disabled), ""); + } + } + + private void sendTestResult(int result, String message) { + SharedPreferences sh = + getSharedPreferences(getString(R.string.sharedPreferences), Context.MODE_PRIVATE); + if (sh != null) { + SharedPreferences.Editor edit = sh.edit(); + edit.putInt(getString(R.string.resultKey), result); + edit.putString(getString(R.string.messageKey), message); + edit.commit(); } } } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/Android.bp new file mode 100644 index 00000000000..044a5f5a161 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/Android.bp @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2021-39704", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.core", + "androidx.test.rules", + ], + sdk_version: "current", +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/AndroidManifest.xml new file mode 100644 index 00000000000..70b7a736be5 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/AndroidManifest.xml @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.CVE_2021_39704"> + <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> + <uses-permission android:name="android.permission.FOREGROUND_SERVICE" /> + <application + android:supportsRtl="true"> + <service + android:name=".PocService" + android:exported="true"> + </service> + <activity + android:name=".PocActivity" + android:exported="true"> + <intent-filter> + <action android:name="android.intent.action.MAIN" /> + <category android:name="android.intent.category.LAUNCHER" /> + </intent-filter> + </activity> + </application> + + <instrumentation + android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2021_39704" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/integers.xml new file mode 100644 index 00000000000..ec924a9a275 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/integers.xml @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<resources> + <integer name="pass">2</integer> + <integer name="timeoutMs">5000</integer> + <integer name="assumptionFailure">3</integer> + <integer name="fail">1</integer> + <integer name="width">50</integer> + <integer name="height">50</integer> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/strings.xml new file mode 100644 index 00000000000..ab82c01b528 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/strings.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<resources> + <string name="channel">channel</string> + <string name="failMessage">Failed to open </string> + <string name="group">group</string> + <string name="groupId">groupId</string> + <string name="messageKey">messageKey</string> + <string name="passMessage">Passed</string> + <string name="resultKey">resultKey</string> + <string name="sharedPreference">sharedPreference</string> + <string name="vulnerableMessage">Vulnerable to b/209965481</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/DeviceTest.java new file mode 100644 index 00000000000..633622957d0 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/DeviceTest.java @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_39704; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static org.junit.Assert.assertNotEquals; +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; + +import android.content.Context; +import android.content.Intent; +import android.content.SharedPreferences; +import android.content.SharedPreferences.OnSharedPreferenceChangeListener; +import android.content.pm.PackageManager; + +import androidx.test.runner.AndroidJUnit4; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.concurrent.TimeUnit; +import java.util.concurrent.Semaphore; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + + @Test + public void testdeleteNotificationChannelGroup() { + try { + Context context = getApplicationContext(); + PackageManager packageManager = context.getPackageManager(); + Intent intent = packageManager + .getLaunchIntentForPackage(context.getPackageName()); + intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK); + + context.startActivity(intent); + SharedPreferences sh = context.getSharedPreferences( + context.getString(R.string.sharedPreference), + Context.MODE_APPEND); + final Semaphore preferenceChanged = new Semaphore(0); + OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() { + @Override + public void onSharedPreferenceChanged( + SharedPreferences sharedPreferences, String key) { + if (key.equals(context.getString(R.string.resultKey))) { + if (sharedPreferences.getInt(key, 0) == context + .getResources().getInteger(R.integer.pass)) { + preferenceChanged.release(); + } + } + } + }; + sh.registerOnSharedPreferenceChangeListener(listener); + preferenceChanged.tryAcquire( + context.getResources().getInteger(R.integer.timeoutMs), + TimeUnit.MILLISECONDS); + + int result = sh.getInt(context.getString(R.string.resultKey), + context.getResources().getInteger(R.integer.pass)); + String message = sh.getString( + context.getString(R.string.messageKey), + context.getString(R.string.passMessage)); + assumeTrue(message, result != context.getResources() + .getInteger(R.integer.assumptionFailure)); + assertNotEquals(message, result, + context.getResources().getInteger(R.integer.fail)); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocActivity.java new file mode 100644 index 00000000000..60ce757808f --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocActivity.java @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_39704; + +import android.app.Activity; +import android.Manifest; +import android.content.Context; +import android.content.Intent; +import android.content.pm.PackageManager; +import android.content.SharedPreferences; +import android.os.Bundle; + +//PocActitvity is required because requestPermissions needs to implemented to request location permission. +public class PocActivity extends Activity { + + @Override + protected void onCreate(Bundle savedInstanceState) { + try { + super.onCreate(savedInstanceState); + if (this.checkCallingOrSelfPermission( + Manifest.permission.ACCESS_COARSE_LOCATION) != PackageManager.PERMISSION_GRANTED) { + startForegroundService(new Intent(this, PocService.class)); + this.requestPermissions( + new String[] { + Manifest.permission.ACCESS_COARSE_LOCATION },0); + } + } catch (Exception e) { + setExceptionStatus(e.toString(), + getResources().getInteger(R.integer.assumptionFailure)); + } + } + + private void setExceptionStatus(String message, int status) { + try { + SharedPreferences sh = getSharedPreferences( + getString(R.string.sharedPreference), Context.MODE_PRIVATE); + SharedPreferences.Editor edit = sh.edit(); + edit.putInt(getString(R.string.resultKey), status); + edit.putString(getString(R.string.messageKey), message); + edit.commit(); + } catch (Exception e) { + // ignore exception + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocService.java new file mode 100644 index 00000000000..23303c3c23c --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocService.java @@ -0,0 +1,103 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_39704; + +import android.app.Notification; +import android.app.NotificationChannel; +import android.app.NotificationChannelGroup; +import android.app.NotificationManager; +import android.app.Service; +import android.content.Context; +import android.content.Intent; +import android.content.res.Resources; +import android.content.SharedPreferences; +import android.graphics.Bitmap; +import android.graphics.Canvas; +import android.graphics.Color; +import android.graphics.drawable.Icon; +import android.os.IBinder; + +//PocService is needed to build the notification when the service starts. +public class PocService extends Service { + + @Override + public IBinder onBind(Intent intent) { + return null; + } + + @Override + public void onCreate() { + try { + exploitBug(); + super.onCreate(); + } catch (Exception e) { + setResult(getResources().getInteger(R.integer.assumptionFailure), + e.getMessage()); + } + } + + void exploitBug() { + try { + final NotificationManager notificationManager = getSystemService( + NotificationManager.class); + final String id = getString(R.string.channel); + final String groupId = getString(R.string.groupId); + notificationManager.createNotificationChannelGroup( + new NotificationChannelGroup(groupId, + getString(R.string.group))); + NotificationChannel notificationChannel = new NotificationChannel( + id, id, NotificationManager.IMPORTANCE_HIGH); + notificationChannel.setGroup(groupId); + notificationManager.createNotificationChannel(notificationChannel); + Notification notification = new Notification.Builder(this, id) + .setSmallIcon(createNotificationIcon()).build(); + startForeground(1, notification); + setResult(getResources().getInteger(R.integer.fail), + getString(R.string.vulnerableMessage)); + notificationManager.deleteNotificationChannelGroup(groupId); + setResult(getResources().getInteger(R.integer.fail), + getString(R.string.vulnerableMessage)); + } catch (SecurityException e) { + setResult(getResources().getInteger(R.integer.pass), + getString(R.string.passMessage)); + } + } + + private void setResult(int result, String message) { + try { + SharedPreferences sh = getSharedPreferences( + getString(R.string.sharedPreference), Context.MODE_PRIVATE); + SharedPreferences.Editor edit = sh.edit(); + edit.putInt(getString(R.string.resultKey), result); + edit.putString(getString(R.string.messageKey), message); + edit.commit(); + } catch (Exception e) { + // ignore exception + } + } + + Icon createNotificationIcon() { + Resources resources = getResources(); + Bitmap testBitmap = Bitmap.createBitmap( + resources.getInteger(R.integer.width), + resources.getInteger(R.integer.height), + Bitmap.Config.ARGB_8888); + final Canvas canvas = new Canvas(testBitmap); + canvas.drawColor(Color.BLUE); + return Icon.createWithBitmap(testBitmap); + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/Android.bp new file mode 100644 index 00000000000..517619afdab --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/Android.bp @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2021-39707", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.rules", + "androidx.test.uiautomator_uiautomator", + "androidx.test.core", + ], + platform_apis: true, +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/AndroidManifest.xml new file mode 100644 index 00000000000..bfb3943ba87 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/AndroidManifest.xml @@ -0,0 +1,38 @@ +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + xmlns:tools="http://schemas.android.com/tools" + package="android.security.cts.CVE_2021_39707"> + <application android:label="@string/testAppLabel"> + <receiver android:name=".PocReceiver" + android:exported="true"> + <intent-filter> + <action android:name="android.intent.action.GET_RESTRICTION_ENTRIES" /> + </intent-filter> + </receiver> + <activity android:name=".PocActivity" + android:exported="true"> + <intent-filter> + <action android:name="android.intent.action.CALL_PRIVILEGED" /> + <category android:name="android.intent.category.DEFAULT" /> + <data android:scheme="tel" /> + </intent-filter> + </activity> + </application> + <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2021_39707" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/res/values/strings.xml new file mode 100644 index 00000000000..902f48ce1ea --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/res/values/strings.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright (C) 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<resources> + <string name="defaultSettingsPkgName">com.android.settings</string> + <string name="resTestAppIcon">%1$s:id/app_restrictions_settings</string> + <string name="testAppLabel">CVE-2021-39707</string> + <string name="testFailMsg">Device is vulnerable to b/200688991!!</string> + <string name="textAppContentAccess">App & content access</string> + <string name="textRestrictedUser">CVE_2021_39707_RestrictedUser</string> + <string name="timedOutMsg">Timed out waiting for text/res \'%1$s\' on display</string> + <string name="uriData">tel:555-TEST</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/DeviceTest.java new file mode 100644 index 00000000000..db3acb09a05 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/DeviceTest.java @@ -0,0 +1,106 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_39707; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; + +import android.content.Context; +import android.content.Intent; +import android.provider.Settings; +import android.telecom.TelecomManager; + +import androidx.test.runner.AndroidJUnit4; +import androidx.test.uiautomator.By; +import androidx.test.uiautomator.BySelector; +import androidx.test.uiautomator.UiDevice; +import androidx.test.uiautomator.UiObject2; +import androidx.test.uiautomator.UiScrollable; +import androidx.test.uiautomator.UiSelector; +import androidx.test.uiautomator.Until; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + + @Test + public void testAppRestrictionsFragment() { + try { + /* Start the "User Settings" window */ + Intent intent = new Intent(Settings.ACTION_USER_SETTINGS); + intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); + Context context = getApplicationContext(); + context.startActivity(intent); + String settingsPkgName = + intent.resolveActivity(context.getPackageManager()).getPackageName(); + settingsPkgName = + (settingsPkgName == null) ? context.getString(R.string.defaultSettingsPkgName) + : settingsPkgName; + + /* + * Click on the text "CVE_2021_39707_RestrictedUser", the restricted user that we added + * before + */ + final int uiTimeoutMs = 5000; + String textRestrictedUser = context.getString(R.string.textRestrictedUser); + BySelector selector = By.text(textRestrictedUser); + UiDevice device = UiDevice.getInstance(getInstrumentation()); + assumeTrue(context.getString(R.string.timedOutMsg, textRestrictedUser), + device.wait(Until.hasObject(selector), uiTimeoutMs)); + device.findObject(selector).click(); + + /* Click on the text "App & content access" */ + String textAppContentAccess = context.getString(R.string.textAppContentAccess); + selector = By.text(textAppContentAccess); + assumeTrue(context.getString(R.string.timedOutMsg, textAppContentAccess), + device.wait(Until.hasObject(selector), uiTimeoutMs)); + device.findObject(selector).click(); + + /* + * Click on the icon with resource name + * "com.android.settings:id/app_restrictions_settings" next to the test app + * "CVE-2021-39707" + */ + UiScrollable scrollable = new UiScrollable(new UiSelector()); + String textTestApp = context.getString(R.string.testAppLabel); + scrollable.scrollTextIntoView(textTestApp); + selector = By.text(textTestApp); + assumeTrue(context.getString(R.string.timedOutMsg, textTestApp), + device.wait(Until.hasObject(selector), uiTimeoutMs)); + UiObject2 parent = device.findObject(selector).getParent().getParent().getParent(); + selector = By.res(context.getString(R.string.resTestAppIcon, settingsPkgName)); + parent.findObject(selector).click(); + + /* + * Wait on the UI of the dialer app, test fails if the dialer app appears on the screen + * which indicates vulnerable behaviour + */ + TelecomManager telecomManager = context.getSystemService(TelecomManager.class); + selector = By.pkg(telecomManager.getSystemDialerPackage()); + assertFalse(context.getString(R.string.testFailMsg), + device.wait(Until.hasObject(selector), uiTimeoutMs)); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocActivity.java new file mode 100644 index 00000000000..92645c498f8 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocActivity.java @@ -0,0 +1,25 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_39707; + +import android.app.Activity; + +// In order to detect the vulnerability, intent with action "android.intent.action.CALL_PRIVILEGED" +// must resolve to more than 1 activity, so PocActivity is defined here with this intent to have at +// least one activity other than the "PrivilegedCallActivity". +public class PocActivity extends Activity { +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocReceiver.java new file mode 100644 index 00000000000..6d4caae068b --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocReceiver.java @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_39707; + +import android.content.BroadcastReceiver; +import android.content.Context; +import android.content.Intent; +import android.net.Uri; +import android.os.Bundle; + +public class PocReceiver extends BroadcastReceiver { + + @Override + public void onReceive(Context context, Intent intent) { + try { + Bundle result = new Bundle(); + Intent dialIntent = new Intent(); + dialIntent.setData(Uri.parse(context.getString(R.string.uriData))); + dialIntent.setAction(Intent.ACTION_CALL_PRIVILEGED); + result.putParcelable(Intent.EXTRA_RESTRICTIONS_INTENT, dialIntent); + setResultExtras(result); + } catch (Exception e) { + // ignore all exceptions, in the worst case, any exception caught here indicates that + // setting extra intent was unsuccessful, so test will pass in the worst case. + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/Android.bp new file mode 100644 index 00000000000..ade2215f2d7 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/Android.bp @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2021-39795", + defaults: [ + "cts_support_defaults" + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.rules", + "androidx.test.core", + ], +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/AndroidManifest.xml new file mode 100644 index 00000000000..cb42aedc255 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/AndroidManifest.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.CVE_2021_39795"> + <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="28"/> + <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/> + <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/> + <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"/> + <instrumentation + android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2021_39795" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/res/values/strings.xml new file mode 100644 index 00000000000..19ea461d4cb --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/res/values/strings.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <string name="filePath">Android/data/CVE-2021-39795-dir/</string> + <string name="fileContent">Bypassed by MediaProvider</string> + <string name="fileName">CVE-2021-39795-file</string> + <string name="external">external</string> + <string name="secondFixFailure">Second Fix Patch not applied. + Please Apply second Fix Patch!!</string> + <string name="fileUtilPkg">com.android.providers.media.util.FileUtils</string> + <string name="isDataOrObbPathMethod">isDataOrObbPath</string> + <string name="mediaProviderPkg">com.android.providers.media.module</string> + <string name="sampleFilePath">/storage/emulated/0/Android/data/foo</string> + <string name="failure">Device vulnerable to b/201667614! Any app with + MANAGE_EXTERNAL_STORAGE permission can write into other apps private + external directory.</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/src/android/security/cts/CVE_2021_39795/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/src/android/security/cts/CVE_2021_39795/DeviceTest.java new file mode 100644 index 00000000000..8d3ff0a9602 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/src/android/security/cts/CVE_2021_39795/DeviceTest.java @@ -0,0 +1,94 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_39795; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static org.junit.Assert.fail; +import static org.junit.Assume.assumeNoException; + +import android.content.Context; +import android.content.ContentResolver; +import android.content.ContentValues; +import android.content.res.Resources; +import android.provider.MediaStore; + +import androidx.test.runner.AndroidJUnit4; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.io.OutputStream; +import java.lang.reflect.Method; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + + @Test + public void testFilePresence() { + boolean isSecondPatchAbsent = false; + Resources resources = null; + OutputStream outputStream = null; + try { + // Accessing FileUtils.isDataOrObbPath() to detect the presence of second patch of fix. + Context context = getApplicationContext(); + resources = context.getResources(); + Context mediaProviderContext = + context.createPackageContext(resources.getString(R.string.mediaProviderPkg), + Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY); + ClassLoader fileUtilsClassLoader = mediaProviderContext.getClassLoader(); + Class<?> FileUtilsClass = + fileUtilsClassLoader.loadClass(resources.getString(R.string.fileUtilPkg)); + Method isDataOrObbPathMethod = FileUtilsClass.getDeclaredMethod( + resources.getString(R.string.isDataOrObbPathMethod), String.class); + isDataOrObbPathMethod.setAccessible(true); + isSecondPatchAbsent = (boolean) isDataOrObbPathMethod.invoke(this, + resources.getString(R.string.sampleFilePath)); + + // Checking write into external directory. + ContentValues values = new ContentValues(); + ContentResolver contentResolver = context.getContentResolver(); + values.put(MediaStore.MediaColumns.RELATIVE_PATH, + resources.getString(R.string.filePath)); + values.put(MediaStore.MediaColumns.DISPLAY_NAME, + resources.getString(R.string.fileName)); + outputStream = contentResolver.openOutputStream(contentResolver.insert( + MediaStore.Files.getContentUri(resources.getString(R.string.external)), + values)); + outputStream.write(resources.getString(R.string.fileContent).getBytes()); + + /* + * If control flow has reached till this point it means no exception anywhere and fix is + * not present and it is vulnerable to the bug. + */ + fail(resources.getString(R.string.failure)); + } catch (IllegalArgumentException e) { + // First fix patch is applied, ignore this exception. + if (isSecondPatchAbsent) { + // Fail the test as Latest Fix Patch is not applied + fail(resources.getString(R.string.secondFixFailure)); + } + } catch (Exception e) { + assumeNoException(e); + } finally { + try { + outputStream.close(); + } catch (Exception e) { + // ignore all exceptions + } + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/Android.bp new file mode 100644 index 00000000000..13a86e3b68e --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/Android.bp @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2021-39808", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.core", + "androidx.test.rules", + ], + platform_apis: true, +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/AndroidManifest.xml new file mode 100644 index 00000000000..0394d6ccb6a --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/AndroidManifest.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.CVE_2021_39808"> + <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/> + <application> + <service + android:name=".PocService" + android:exported="true"> + </service> + </application> + + <instrumentation + android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2021_39808" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/integers.xml new file mode 100644 index 00000000000..8e7d104c6d2 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/integers.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<resources> + <integer name="assumptionFailure">4</integer> + <integer name="fail">2</integer> + <integer name="falseVal">-1</integer> + <integer name="height">50</integer> + <integer name="pass">3</integer> + <integer name="setFlag">1</integer> + <integer name="timeoutMs">10000</integer> + <integer name="value">0</integer> + <integer name="width">50</integer> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/strings.xml new file mode 100644 index 00000000000..f4fb7413e40 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/strings.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<resources> + <string name="assumptionFailure">Assumption failure occurred</string> + <string name="errorNoMethodFound">No method found</string> + <string name="errorTargetMethodNotFound">Target method not found</string> + <string name="flag">flag</string> + <string name="functionName">createNotificationChannelGroups</string> + <string name="group">group</string> + <string name="groupId">groupId</string> + <string name="illegalCode">Illegal Code</string> + <string name="messageKey">MESSAGE</string> + <string name="resultKey">RESULT</string> + <string name="message">message</string> + <string name="notification">notification</string> + <string name="passMessage">Passed</string> + <string name="sharedPreference">CVE_2021_39808</string> + <string name="vulnerableMessage"> + Vulnerable to b/209966086!! Foreground service ran without user notification + </string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/DeviceTest.java new file mode 100644 index 00000000000..a32638dda2c --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/DeviceTest.java @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_39808; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static org.junit.Assert.assertNotEquals; +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; + +import android.content.Context; +import android.content.Intent; +import android.content.SharedPreferences; +import android.content.SharedPreferences.OnSharedPreferenceChangeListener; +import android.content.res.Resources; + +import androidx.test.runner.AndroidJUnit4; + +import java.util.concurrent.Semaphore; +import java.util.concurrent.TimeUnit; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + + @Test + public void testService() { + try { + Context context = getApplicationContext(); + Intent intent = new Intent(context, PocService.class); + intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK); + context.startService(intent); + SharedPreferences sh = context.getSharedPreferences( + context.getString(R.string.sharedPreference), + Context.MODE_APPEND); + final Semaphore preferenceChanged = new Semaphore(0); + OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() { + @Override + public void onSharedPreferenceChanged( + SharedPreferences sharedPreferences, String key) { + if (key.equals(context.getString(R.string.resultKey))) { + if (sharedPreferences.getInt(key, 0) == context + .getResources().getInteger(R.integer.pass)) { + preferenceChanged.release(); + } + } + } + }; + sh.registerOnSharedPreferenceChangeListener(listener); + + preferenceChanged.tryAcquire( + context.getResources().getInteger(R.integer.timeoutMs), + TimeUnit.MILLISECONDS); + + int result = sh.getInt(context.getString(R.string.resultKey), + context.getResources().getInteger(R.integer.pass)); + String message = sh.getString(context.getString(R.string.messageKey), + context.getString(R.string.passMessage)); + assumeTrue(message, result != context.getResources() + .getInteger(R.integer.assumptionFailure)); + assertNotEquals(message, result, + context.getResources().getInteger(R.integer.fail)); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/PocService.java new file mode 100644 index 00000000000..73b0df4adfb --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/PocService.java @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2021_39808; + +import android.app.INotificationManager; +import android.app.NotificationChannelGroup; +import android.app.NotificationManager; +import android.app.Service; +import android.content.Context; +import android.content.Intent; +import android.content.SharedPreferences; +import android.os.IBinder; +import android.os.Parcel; +import android.os.ServiceManager; +import android.text.TextUtils; + +import java.lang.reflect.Method; + +public class PocService extends Service { + + @Override + public IBinder onBind(Intent intent) { + return null; + } + + @Override + public void onCreate() { + try { + super.onCreate(); + setResult(getResources().getInteger(R.integer.fail), + getResources().getString(R.string.vulnerableMessage)); + createNotificationGroup(); + } catch (Exception e) { + setResult(getResources().getInteger(R.integer.assumptionFailure), + e.getMessage()); + } + } + + void createNotificationGroup() throws Exception { + IBinder binder = ServiceManager + .getService(getResources().getString(R.string.notification)); + int serviceId = getTransactionCode( + getResources().getString(R.string.functionName)); + if (serviceId == -1) { + setResult(getResources().getInteger(R.integer.assumptionFailure), + getString(R.string.errorNoMethodFound)); + return; + } else if (serviceId == -2) { + setResult(getResources().getInteger(R.integer.assumptionFailure), + getString(R.string.errorTargetMethodNotFound)); + return; + } + createNotificationGroup(binder, serviceId); + NotificationManager notificationManager = (NotificationManager) getSystemService( + NOTIFICATION_SERVICE); + NotificationChannelGroup notificationChannelGroup = notificationManager + .getNotificationChannelGroup( + getResources().getString(R.string.groupId)); + if (!notificationChannelGroup.isBlocked()) { + setResult(getResources().getInteger(R.integer.pass), + getResources().getString(R.string.passMessage)); + } + } + + int getTransactionCode(String methodName) { + int txCode = IBinder.FIRST_CALL_TRANSACTION; + String txName = INotificationManager.Stub + .getDefaultTransactionName(txCode); + if (txName == null) { + return -1; + } + while (txName != null && txCode <= IBinder.LAST_CALL_TRANSACTION) { + txName = INotificationManager.Stub + .getDefaultTransactionName(++txCode); + if (txName.equals(methodName)) { + break; + } + } + if (txName == null) { + return -2; + } + return txCode; + } + + void createNotificationGroup(IBinder binder, int code) throws Exception { + String description = binder.getInterfaceDescriptor(); + Parcel data = Parcel.obtain(); + Parcel reply = Parcel.obtain(); + data.writeInterfaceToken(description); + data.writeString(this.getPackageName()); + data.writeInt(getResources().getInteger(R.integer.setFlag)); + data.writeInt(getResources().getInteger(R.integer.setFlag)); + data.writeString(NotificationChannelGroup.class.getName()); + data.writeInt(getResources().getInteger(R.integer.setFlag)); + data.writeByte((byte) getResources().getInteger(R.integer.setFlag)); + data.writeString(getResources().getString(R.string.groupId)); + TextUtils.writeToParcel(getResources().getString(R.string.group), data, + getResources().getInteger(R.integer.setFlag)); + data.writeByte((byte) getResources().getInteger(R.integer.value)); + data.writeInt(getResources().getInteger(R.integer.falseVal)); + data.writeInt(getResources().getInteger(R.integer.setFlag)); + boolean val = (boolean) binder.transact(code, data, reply, + getResources().getInteger(R.integer.value)); + if (!val) { + setResult(getResources().getInteger(R.integer.assumptionFailure), + getResources().getString(R.string.illegalCode)); + } + reply.readException(); + } + + private void setResult(int result, String message) { + try { + SharedPreferences sh = getSharedPreferences( + getString(R.string.sharedPreference), Context.MODE_PRIVATE); + SharedPreferences.Editor edit = sh.edit(); + edit.putInt(getString(R.string.resultKey), result); + edit.putString(getString(R.string.messageKey), message); + edit.commit(); + } catch (Exception e) { + // ignore exception + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/AndroidManifest.xml index 9f7ac842f5b..731eac43717 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/AndroidManifest.xml +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/AndroidManifest.xml @@ -23,7 +23,7 @@ android:label="CVE-2022-20007-Attacker" android:supportsRtl="true"> <activity - android:name=".PocActivity" + android:name=".PocAttackerActivity" android:exported="true" android:theme="@android:style/Theme.Translucent.NoTitleBar.Fullscreen"> </activity> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocAttackerActivity.java index ad87ea7434f..988517e8670 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocActivity.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocAttackerActivity.java @@ -20,7 +20,7 @@ import android.app.Activity; import android.os.Bundle; import android.view.WindowManager; -public class PocActivity extends Activity { +public class PocAttackerActivity extends Activity { @Override protected void onCreate(Bundle savedInstanceState) { diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/Android.bp new file mode 100644 index 00000000000..98d59623a28 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/Android.bp @@ -0,0 +1,33 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2022-20007-Second", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + sdk_version: "current", +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/AndroidManifest.xml new file mode 100644 index 00000000000..7880b0f0669 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/AndroidManifest.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.CVE_2022_20007_second" + android:sharedUserId="android.security.cts.CVE_2022_20007_shared_uid" + android:versionCode="1" + android:versionName="1.0"> + <application + android:label="CVE-2022-20007-Second" + android:process="android.security.cts.CVE_2022_20007" + android:supportsRtl="true"> + <activity + android:name=".SecondPocActivity" + android:exported="true"> + </activity> + </application> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/layout/activity_main.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/layout/activity_main.xml new file mode 100644 index 00000000000..d327e30f622 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/layout/activity_main.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<LinearLayout + xmlns:android="http://schemas.android.com/apk/res/android" + android:layout_width="match_parent" + android:layout_height="match_parent"> + <View + android:layout_width="match_parent" + android:layout_height="match_parent"/> +</LinearLayout> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/integers.xml new file mode 100644 index 00000000000..e112bcd4ab2 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/integers.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <integer name="fail">1</integer> + <integer name="pass">0</integer> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/strings.xml new file mode 100644 index 00000000000..c20d81ccfa0 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/strings.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <string name="resultKey2">result2</string> + <string name="sharedPreferences">SharedPreferences</string> + <string name="testAppPackage">android.security.cts.CVE_2022_20007</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/src/android/security/cts/CVE_2022_20007_second/SecondPocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/src/android/security/cts/CVE_2022_20007_second/SecondPocActivity.java new file mode 100644 index 00000000000..867da1c4ce2 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/src/android/security/cts/CVE_2022_20007_second/SecondPocActivity.java @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20007_second; + +import android.app.Activity; +import android.content.Context; +import android.content.SharedPreferences; +import android.os.Bundle; + +public class SecondPocActivity extends Activity { + + @Override + protected void onCreate(Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + setContentView(R.layout.activity_main); + } + + @Override + protected void onResume() { + super.onResume(); + setSharedPreferenes(getResources().getInteger(R.integer.fail)); + } + + @Override + protected void onPause() { + super.onPause(); + setSharedPreferenes(getResources().getInteger(R.integer.pass)); + } + + void setSharedPreferenes(int result) { + try { + Context testAppContext = createPackageContext(getString(R.string.testAppPackage), + Context.CONTEXT_IGNORE_SECURITY); + SharedPreferences sh = testAppContext.getSharedPreferences( + getString(R.string.sharedPreferences), Context.MODE_PRIVATE); + SharedPreferences.Editor edit = sh.edit(); + edit.putInt(getString(R.string.resultKey2), result); + edit.commit(); + } catch (Exception e) { + // ignore exception here + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/Android.bp index 713c0ed6500..0633c692d2a 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/Android.bp +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/Android.bp @@ -32,6 +32,7 @@ android_test_helper_app { static_libs: [ "androidx.test.core", "androidx.test.rules", + "androidx.test.uiautomator_uiautomator", ], sdk_version: "current", } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/AndroidManifest.xml index ea78d62cdb1..c5dd6b5e9ac 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/AndroidManifest.xml +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/AndroidManifest.xml @@ -17,13 +17,15 @@ <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="android.security.cts.CVE_2022_20007" + android:sharedUserId="android.security.cts.CVE_2022_20007_shared_uid" android:versionCode="1" android:versionName="1.0"> <application android:label="CVE-2022-20007" + android:process="android.security.cts.CVE_2022_20007" android:supportsRtl="true"> <activity - android:name=".PocActivity" + android:name=".FirstPocActivity" android:exported="true"> </activity> <activity diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/integers.xml index 26b15c29414..bdb37757898 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/integers.xml +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/integers.xml @@ -17,6 +17,9 @@ <resources> <integer name="assumptionFailure">-1</integer> - <integer name="pass">0</integer> <integer name="fail">1</integer> + <integer name="pass">0</integer> + <integer name="permitCount">2</integer> + <integer name="threeActivities">3</integer> + <integer name="twoActivities">2</integer> </resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/strings.xml index 1368bc206a9..e9910b70037 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/strings.xml +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/strings.xml @@ -17,14 +17,22 @@ <resources> <string name="assumptionFailureMessage"> - Assumption failure occurred. + Assumption failure occurred. Bounds : </string> + <string name="attackerActivity">PocAttackerActivity</string> + <string name="attackerPkg">android.security.cts.CVE_2022_20007_attacker</string> + <string name="boundsNotEqualMessage">Activity bounds are not equal</string> + <string name="dumpsysCmd">dumpsys activity %1$s</string> <string name="failMessage"> Vulnerable to b/211481342!! Race Condition when startActivities() is invoked which can cause - Not-Paused Background Activity + Not-Paused Background Activity. Bounds : </string> + <string name="mBounds">mBounds</string> <string name="messageKey">message</string> - <string name="passMessage">Pass</string> + <string name="numActivities">numActivities</string> <string name="resultKey">result</string> + <string name="resultKey2">result2</string> + <string name="secondActivity">SecondPocActivity</string> + <string name="secondPocAppPkg">android.security.cts.CVE_2022_20007_second</string> <string name="sharedPreferences">SharedPreferences</string> </resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/DeviceTest.java index 925da1ce80b..d4828b868b5 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/DeviceTest.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/DeviceTest.java @@ -17,18 +17,22 @@ package android.security.cts.CVE_2022_20007; import static androidx.test.core.app.ApplicationProvider.getApplicationContext; -import static org.junit.Assert.assertNotEquals; +import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; +import static org.junit.Assert.assertFalse; import static org.junit.Assume.assumeNoException; import static org.junit.Assume.assumeNotNull; import static org.junit.Assume.assumeTrue; -import android.content.ActivityNotFoundException; import android.content.Context; import android.content.Intent; import android.content.SharedPreferences; import android.content.SharedPreferences.OnSharedPreferenceChangeListener; +import android.util.Log; import androidx.test.runner.AndroidJUnit4; +import androidx.test.uiautomator.By; +import androidx.test.uiautomator.UiDevice; +import androidx.test.uiautomator.Until; import org.junit.Test; import org.junit.runner.RunWith; @@ -39,6 +43,13 @@ import java.util.concurrent.TimeUnit; @RunWith(AndroidJUnit4.class) public class DeviceTest { private Context mContext = getApplicationContext(); + private UiDevice mDevice = UiDevice.getInstance(getInstrumentation()); + private boolean mIsVulnerable = true; + private boolean mIsVulnerable2 = true; + private String mFirstPocActivityBounds = ""; + private String mSecondPocActivityBounds = ""; + private String mPocAttackerActivityBounds = ""; + private SharedPreferences mSharedPrefs = null; String getStringRes(int key) { return mContext != null ? mContext.getResources().getString(key) : null; @@ -48,44 +59,115 @@ public class DeviceTest { return mContext != null ? mContext.getResources().getInteger(key) : null; } - @Test - public void testRaceCondition() throws Exception { - final long timeoutSec = 20L; - assumeNotNull(mContext); + String getBounds(String activityName) throws Exception { + String output = + mDevice.executeShellCommand(mContext.getString(R.string.dumpsysCmd, activityName)); + output = output.substring(output.indexOf(getStringRes(R.string.mBounds)), + output.indexOf(")", output.indexOf(getStringRes(R.string.mBounds))) + 1); + return output; + } + + void launchMainActivity(int numActivities) { final Intent intent = new Intent(mContext, PocMainActivity.class); - intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_NO_HISTORY); + intent.putExtra(getStringRes(R.string.numActivities), numActivities); + mContext.startActivity(intent); + } + + void checkResult(String key) { + int result = mSharedPrefs.getInt(key, getIntegerRes(R.integer.assumptionFailure)); + assumeTrue( + getStringRes(R.string.assumptionFailureMessage) + mFirstPocActivityBounds + " " + + mSecondPocActivityBounds + " " + mPocAttackerActivityBounds, + result != getIntegerRes(R.integer.assumptionFailure)); + assertFalse( + getStringRes(R.string.failMessage) + mFirstPocActivityBounds + " " + + mSecondPocActivityBounds + " " + mPocAttackerActivityBounds, + mIsVulnerable && result == getIntegerRes(R.integer.fail)); + } + + @Test + public void testRaceCondition() { + final long timeoutSec = 30L; try { - mContext.startActivity(intent); - } catch (ActivityNotFoundException e) { - assumeNoException(e); - } - SharedPreferences sharedPrefs = mContext.getSharedPreferences( - getStringRes(R.string.sharedPreferences), Context.MODE_APPEND); - assumeNotNull(sharedPrefs); - final Semaphore preferenceChanged = new Semaphore(0); - OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() { - @Override - public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, String key) { - if (key.equals(getStringRes(R.string.resultKey))) { - if (sharedPreferences.getInt(key, - getIntegerRes(R.integer.assumptionFailure)) == getIntegerRes( - R.integer.pass)) { - preferenceChanged.release(); + assumeNotNull(mContext); + launchMainActivity(getIntegerRes(R.integer.twoActivities)); + mSharedPrefs = mContext.getSharedPreferences(getStringRes(R.string.sharedPreferences), + Context.MODE_APPEND); + assumeNotNull(mSharedPrefs); + final Semaphore preferenceChanged = new Semaphore(0); + final Semaphore preferenceChanged2 = new Semaphore(0); + OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() { + @Override + public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, + String key) { + if (key.equals(getStringRes(R.string.resultKey))) { + if (sharedPreferences.getInt(key, + getIntegerRes(R.integer.assumptionFailure)) == getIntegerRes( + R.integer.pass)) { + preferenceChanged.release(); + mIsVulnerable = false; + } + } else if (key.equals(getStringRes(R.string.resultKey2))) { + if (sharedPreferences.getInt(key, + getIntegerRes(R.integer.assumptionFailure)) == getIntegerRes( + R.integer.pass)) { + preferenceChanged2.release(); + mIsVulnerable2 = false; + } } } - } - }; - sharedPrefs.registerOnSharedPreferenceChangeListener(listener); - try { + }; + mSharedPrefs.registerOnSharedPreferenceChangeListener(listener); preferenceChanged.tryAcquire(timeoutSec, TimeUnit.SECONDS); - } catch (InterruptedException e) { + + // Check if attacker activity is able to overlay victim activity + mFirstPocActivityBounds = getBounds(FirstPocActivity.class.getName()); + String attackerActivityName = getStringRes(R.string.attackerPkg) + "/." + + getStringRes(R.string.attackerActivity); + mPocAttackerActivityBounds = getBounds(attackerActivityName); + Log.e("DeviceTest", "mFirstPocActivityBounds=" + mFirstPocActivityBounds); + Log.e("DeviceTest", "mPocAttackerActivityBounds=" + mPocAttackerActivityBounds); + boolean isValidConfiguration = + mFirstPocActivityBounds.equals(mPocAttackerActivityBounds); + if (isValidConfiguration) { + checkResult(getStringRes(R.string.resultKey)); + } else { + // Device might have 2 task display areas. Detect vulnerability in this case. + mDevice.pressHome(); + assumeTrue(mDevice.wait(Until.gone(By.pkg(mContext.getPackageName())), timeoutSec)); + mIsVulnerable = true; + mIsVulnerable2 = true; + launchMainActivity(getIntegerRes(R.integer.threeActivities)); + preferenceChanged.tryAcquire(getIntegerRes(R.integer.permitCount), timeoutSec, + TimeUnit.SECONDS); + preferenceChanged2.tryAcquire(timeoutSec, TimeUnit.SECONDS); + + // check if attacker activity is able to overlay any of the victim activities + mFirstPocActivityBounds = getBounds(FirstPocActivity.class.getName()); + String secondActivityName = getStringRes(R.string.secondPocAppPkg) + "/." + + getStringRes(R.string.secondActivity); + mSecondPocActivityBounds = getBounds(secondActivityName); + mPocAttackerActivityBounds = getBounds(attackerActivityName); + Log.e("DeviceTest", "mFirstPocActivityBounds=" + mFirstPocActivityBounds); + Log.e("DeviceTest", "mSecondPocActivityBounds=" + mSecondPocActivityBounds); + Log.e("DeviceTest", "mPocAttackerActivityBounds=" + mPocAttackerActivityBounds); + isValidConfiguration = mFirstPocActivityBounds.equals(mPocAttackerActivityBounds); + boolean isValidConfiguration2 = + mSecondPocActivityBounds.equals(mPocAttackerActivityBounds); + assumeTrue( + getStringRes(R.string.boundsNotEqualMessage) + mFirstPocActivityBounds + " " + + mSecondPocActivityBounds + " " + mPocAttackerActivityBounds, + isValidConfiguration || isValidConfiguration2); + + if (isValidConfiguration) { + checkResult(getStringRes(R.string.resultKey)); + } else { + checkResult(getStringRes(R.string.resultKey2)); + } + } + } catch (Exception e) { assumeNoException(e); } - int result = sharedPrefs.getInt(getStringRes(R.string.resultKey), - getIntegerRes(R.integer.assumptionFailure)); - String message = sharedPrefs.getString(getStringRes(R.string.messageKey), - getStringRes(R.string.assumptionFailureMessage)); - assumeTrue(message, result != getIntegerRes(R.integer.assumptionFailure)); - assertNotEquals(message, result, getIntegerRes(R.integer.fail)); } } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/FirstPocActivity.java index 038335e8711..c89986b9eaf 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocActivity.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/FirstPocActivity.java @@ -21,29 +21,35 @@ import android.content.Context; import android.content.SharedPreferences; import android.os.Bundle; -public class PocActivity extends Activity { +public class FirstPocActivity extends Activity { @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); - setSharedPreferenes(getResources().getInteger(R.integer.fail), - getString(R.string.failMessage)); + } + + @Override + protected void onResume() { + super.onResume(); + setSharedPreferenes(getResources().getInteger(R.integer.fail)); } @Override protected void onPause() { super.onPause(); - setSharedPreferenes(getResources().getInteger(R.integer.pass), - getString(R.string.passMessage)); + setSharedPreferenes(getResources().getInteger(R.integer.pass)); } - void setSharedPreferenes(int result, String message) { - SharedPreferences sh = - getSharedPreferences(getString(R.string.sharedPreferences), Context.MODE_PRIVATE); - SharedPreferences.Editor edit = sh.edit(); - edit.putInt(getString(R.string.resultKey), result); - edit.putString(getString(R.string.messageKey), message); - edit.commit(); + void setSharedPreferenes(int result) { + try { + SharedPreferences sh = getSharedPreferences(getString(R.string.sharedPreferences), + Context.MODE_PRIVATE); + SharedPreferences.Editor edit = sh.edit(); + edit.putInt(getString(R.string.resultKey), result); + edit.commit(); + } catch (Exception e) { + // ignore exception here + } } } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocMainActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocMainActivity.java index 7a4e841f6fd..94de7f09a60 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocMainActivity.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocMainActivity.java @@ -17,7 +17,6 @@ package android.security.cts.CVE_2022_20007; import android.app.Activity; -import android.content.ActivityNotFoundException; import android.content.ComponentName; import android.content.Context; import android.content.Intent; @@ -30,30 +29,48 @@ public class PocMainActivity extends Activity { protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); - launchAttack(); - } - - public void launchAttack() { - String testPkgName = getPackageName(); - final Intent coverIntent = new Intent(); - coverIntent.setComponent(new ComponentName("android.security.cts.CVE_2022_20007_attacker", - "android.security.cts.CVE_2022_20007_attacker.PocActivity")); - coverIntent.setFlags(Intent.FLAG_ACTIVITY_NO_ANIMATION | - Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_MULTIPLE_TASK); - final Intent victimIntent = new Intent(PocMainActivity.this, PocActivity.class); - victimIntent.setFlags(Intent.FLAG_ACTIVITY_NO_ANIMATION); - Intent[] intents = {victimIntent, coverIntent}; try { - startActivities(intents); - } catch (ActivityNotFoundException e) { - SharedPreferences sh = getSharedPreferences(getString(R.string.sharedPreferences), - Context.MODE_PRIVATE); - SharedPreferences.Editor edit = sh.edit(); - edit.putInt(getString(R.string.resultKey), - getResources().getInteger(R.integer.assumptionFailure)); - edit.putString(getString(R.string.messageKey), - getString(R.string.assumptionFailureMessage)); - edit.commit(); + String testPkgName = getPackageName(); + final Intent coverIntent = new Intent(); + coverIntent.setComponent(new ComponentName(getString(R.string.attackerPkg), + getString(R.string.attackerPkg) + "." + getString(R.string.attackerActivity))); + coverIntent.setFlags(Intent.FLAG_ACTIVITY_NO_ANIMATION | Intent.FLAG_ACTIVITY_NEW_TASK + | Intent.FLAG_ACTIVITY_MULTIPLE_TASK | Intent.FLAG_ACTIVITY_NO_HISTORY); + final Intent victimIntent = new Intent(PocMainActivity.this, FirstPocActivity.class); + victimIntent + .setFlags(Intent.FLAG_ACTIVITY_NO_ANIMATION | Intent.FLAG_ACTIVITY_NO_HISTORY); + int numActivities = getIntent().getIntExtra(getString(R.string.numActivities), + /* default */ getResources().getInteger(R.integer.twoActivities)); + if (numActivities == getResources().getInteger(R.integer.twoActivities)) { + Intent[] intents = {victimIntent, coverIntent}; + startActivities(intents); + } else { + final Intent secondVictimIntent = new Intent(); + secondVictimIntent.setComponent(new ComponentName( + getString(R.string.secondPocAppPkg), getString(R.string.secondPocAppPkg) + + "." + getString(R.string.secondActivity))); + secondVictimIntent.setFlags( + Intent.FLAG_ACTIVITY_NO_ANIMATION | Intent.FLAG_ACTIVITY_NO_HISTORY); + startActivity(victimIntent); + + // wait to prevent both the victim activities from getting launched on same display + Thread.sleep(5000); + Intent[] intents2 = {secondVictimIntent, coverIntent}; + startActivities(intents2); + } + } catch (Exception e) { + try { + SharedPreferences sh = getSharedPreferences(getString(R.string.sharedPreferences), + Context.MODE_PRIVATE); + SharedPreferences.Editor edit = sh.edit(); + edit.putInt(getString(R.string.resultKey), + getResources().getInteger(R.integer.assumptionFailure)); + edit.putString(getString(R.string.messageKey), + getString(R.string.assumptionFailureMessage)); + edit.commit(); + } catch (Exception ex) { + // ignore exception here + } } } } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp new file mode 100644 index 00000000000..582076e2d23 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2022-20197", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.rules", + "androidx.test.core", + ], + platform_apis: true, +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml new file mode 100644 index 00000000000..3ea2a62f7bc --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + xmlns:tools="http://schemas.android.com/tools" + package="android.security.cts.CVE_2022_20197"> + + <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2022_20197" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml new file mode 100644 index 00000000000..c9a9407b3da --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <string name="vulnerableMsg">Device is vulnerable to b/208279300!</string> + <string name="stringObj">CVE_2022_20197</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java new file mode 100644 index 00000000000..a7b56187d47 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20197; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static org.junit.Assert.assertNull; +import static org.junit.Assume.assumeNoException; + +import android.app.PendingIntent; +import android.content.res.Resources; +import android.os.Parcel; + +import androidx.test.runner.AndroidJUnit4; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + + @Test + public void testParcel() { + try { + Resources resources = getApplicationContext().getResources(); + Parcel parcel = Parcel.obtain(); + Object cookie = (Object) resources.getString(R.string.stringObj); + parcel.setClassCookie(PendingIntent.class, cookie); + parcel.recycle(); + Object value = parcel.getClassCookie(PendingIntent.class); + assertNull(resources.getString(R.string.vulnerableMsg), value); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/res/values/strings.xml index 6257834e8fa..4a250ceda12 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/res/values/strings.xml +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/res/values/strings.xml @@ -15,16 +15,18 @@ limitations under the License. --> <resources> - <string name="appSettingsIconResId">com.android.settings:id/app_restrictions_settings</string> + <string name="allowAppsTextResId">restricted_profile_configure_apps_title</string> + <string name="appSettingsIconResId">%1$s:id/app_restrictions_settings</string> + <string name="customizeRestrictionsTextResId">restricted_profile_customize_restrictions</string> <string name="messageKey">message</string> <string name="resType">string</string> <string name="sharedPreferences">SharedPreferences</string> + <string name="shutdownMsgResId">shutdown_confirm</string> <string name="testFailMsg"> Vulnerable to b/223578534!! LaunchAnyWhere in AppRestrictionsFragment due to unsafe package check </string> <string name="textResId">user_restrictions_title</string> <string name="timedOutMsg">Timed out waiting for text/res %1$s on display</string> - <string name="uriData">tel:555-TEST</string> <string name="userName">CVE_2022_20223_RestrictedUser</string> </resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/DeviceTest.java index e47e593f31a..92b1df205bf 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/DeviceTest.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/DeviceTest.java @@ -24,10 +24,10 @@ import static org.junit.Assume.assumeTrue; import android.content.Context; import android.content.Intent; import android.content.SharedPreferences; +import android.content.pm.PackageManager; import android.content.res.Resources; import android.os.Bundle; import android.provider.Settings; -import android.telecom.TelecomManager; import androidx.test.runner.AndroidJUnit4; import androidx.test.uiautomator.By; @@ -43,10 +43,11 @@ public class DeviceTest { private static final int TIMEOUT_MS = 20000; private UiDevice mDevice; private Context mContext; + private PackageManager mPackageManager; - private String getDefaultDialerPackage() { - TelecomManager telecomManager = mContext.getSystemService(TelecomManager.class); - return telecomManager.getSystemDialerPackage(); + boolean isTV() { + return mPackageManager.hasSystemFeature(PackageManager.FEATURE_TELEVISION) + || mPackageManager.hasSystemFeature(PackageManager.FEATURE_LEANBACK); } // Wait for UiObject to appear and click on the UiObject if it is visible @@ -63,47 +64,77 @@ public class DeviceTest { try { mDevice = UiDevice.getInstance(getInstrumentation()); mContext = getInstrumentation().getContext(); + mPackageManager = mContext.getPackageManager(); + if (isTV()) { + Intent intent = new Intent(Settings.ACTION_SECURITY_SETTINGS); + intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); + mContext.startActivity(intent); - Intent intent = new Intent(Settings.ACTION_USER_SETTINGS); - intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); - mContext.startActivity(intent); + // Click on text "Allowed apps" + String settingsPackageName = + intent.resolveActivity(mPackageManager).getPackageName(); + Resources res = mPackageManager.getResourcesForApplication(settingsPackageName); + String text = res.getString( + res.getIdentifier(mContext.getString(R.string.allowAppsTextResId), + mContext.getString(R.string.resType), settingsPackageName)); + BySelector selector = By.text(text); + assumeTrue(mContext.getString(R.string.timedOutMsg, text), clickUiObject(selector)); - BySelector selector = By.text(mContext.getString(R.string.userName)); - assumeTrue( - mContext.getString(R.string.timedOutMsg, mContext.getString(R.string.userName)), - clickUiObject(selector)); + // Click on text "Customize restrictions" + text = res.getString(res.getIdentifier( + mContext.getString(R.string.customizeRestrictionsTextResId), + mContext.getString(R.string.resType), settingsPackageName)); + selector = By.text(text); + assumeTrue(mContext.getString(R.string.timedOutMsg, text), clickUiObject(selector)); + } else { + Intent intent = new Intent(Settings.ACTION_USER_SETTINGS); + intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); + mContext.startActivity(intent); - String settingsPackageName = - intent.resolveActivity(mContext.getPackageManager()).getPackageName(); - Context settingsContext = mContext.createPackageContext(settingsPackageName, - Context.CONTEXT_IGNORE_SECURITY); - Resources res = settingsContext.getPackageManager() - .getResourcesForApplication(settingsPackageName); - String text = settingsContext - .getString(res.getIdentifier(mContext.getString(R.string.textResId), - mContext.getString(R.string.resType), settingsPackageName)); - selector = By.text(text); - assumeTrue(mContext.getString(R.string.timedOutMsg, text), clickUiObject(selector)); + // Click on text "CVE_2022_20223_RestrictedUser" + BySelector selector = By.text(mContext.getString(R.string.userName)); + assumeTrue(mContext.getString(R.string.timedOutMsg, + mContext.getString(R.string.userName)), clickUiObject(selector)); - selector = By.res(mContext.getString(R.string.appSettingsIconResId)); - assumeTrue( - mContext.getString(R.string.timedOutMsg, - mContext.getString(R.string.appSettingsIconResId)), - clickUiObject(selector)); + // Click on text "App & content access" + String settingsPackageName = + intent.resolveActivity(mPackageManager).getPackageName(); + Resources res = mPackageManager.getResourcesForApplication(settingsPackageName); + String text = + res.getString(res.getIdentifier(mContext.getString(R.string.textResId), + mContext.getString(R.string.resType), settingsPackageName)); + selector = By.text(text); + assumeTrue(mContext.getString(R.string.timedOutMsg, text), clickUiObject(selector)); + // Click on icon with resource-id "<settingsPackage>:id/app_restrictions_settings" + selector = By.res( + mContext.getString(R.string.appSettingsIconResId, settingsPackageName)); + assumeTrue( + mContext.getString(R.string.timedOutMsg, mContext + .getString(R.string.appSettingsIconResId, settingsPackageName)), + clickUiObject(selector)); + } + // Check if ShutDown activity is launched indicating presence of vulnerability + String androidPackageName = + PocBroadcastReceiver.getShutdownDefaultComponent(mContext).getPackageName(); + Resources res = mPackageManager.getResourcesForApplication(androidPackageName); + String text = + res.getString(res.getIdentifier(mContext.getString(R.string.shutdownMsgResId), + mContext.getString(R.string.resType), androidPackageName)); assertFalse(mContext.getString(R.string.testFailMsg), - mDevice.wait(Until.hasObject(By.pkg(getDefaultDialerPackage())), TIMEOUT_MS)); + mDevice.wait(Until.hasObject(By.text(text)), TIMEOUT_MS)); } catch (Exception e) { assumeNoException(e); } finally { try { + // Check occurrence of any exception in PocBroadcastReceiver SharedPreferences sharedPrefs = mContext.getSharedPreferences( mContext.getString(R.string.sharedPreferences), Context.MODE_APPEND); String assumptionFailure = sharedPrefs.getString(mContext.getString(R.string.messageKey), null); assumeTrue(assumptionFailure, assumptionFailure == null); } catch (Exception e) { - assumeNoException(e); + // Ignore exceptions here } } } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/PocBroadcastReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/PocBroadcastReceiver.java index c3c7083df18..6df2b9db7fe 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/PocBroadcastReceiver.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/PocBroadcastReceiver.java @@ -26,9 +26,8 @@ import android.os.Bundle; public class PocBroadcastReceiver extends BroadcastReceiver { - ComponentName getPrivilegeCallDefaultComponent(Context context) { - Intent intent = new Intent(Intent.ACTION_CALL_PRIVILEGED); - intent.setData(Uri.parse(context.getString(R.string.uriData))); + static ComponentName getShutdownDefaultComponent(Context context) { + Intent intent = new Intent(Intent.ACTION_REQUEST_SHUTDOWN); return intent.resolveActivity(context.getPackageManager()); } @@ -36,14 +35,14 @@ public class PocBroadcastReceiver extends BroadcastReceiver { public void onReceive(Context context, Intent intent) { try { Bundle result = new Bundle(); - Intent dialIntent = new Intent(); - dialIntent.setComponent(getPrivilegeCallDefaultComponent(context)); - dialIntent.setPackage(context.getPackageName()); - dialIntent.setData(Uri.parse(context.getString(R.string.uriData))); - dialIntent.setAction(Intent.ACTION_CALL_PRIVILEGED); - result.putParcelable(Intent.EXTRA_RESTRICTIONS_INTENT, dialIntent); + Intent shutDownIntent = new Intent(); + shutDownIntent.setComponent(getShutdownDefaultComponent(context)); + shutDownIntent.setPackage(context.getPackageName()); + shutDownIntent.setAction(Intent.ACTION_REQUEST_SHUTDOWN); + shutDownIntent.putExtra(Intent.EXTRA_KEY_CONFIRM, true); + shutDownIntent.putExtra(Intent.EXTRA_USER_REQUESTED_SHUTDOWN, true); + result.putParcelable(Intent.EXTRA_RESTRICTIONS_INTENT, shutDownIntent); setResultExtras(result); - return; } catch (Exception e) { SharedPreferences sh = context.getSharedPreferences( context.getString(R.string.sharedPreferences), Context.MODE_PRIVATE); diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20347/src/android/security/cts/CVE_2022_20347/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20347/src/android/security/cts/CVE_2022_20347/DeviceTest.java index 52f43c5d979..ec61aa1fdf6 100644 --- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20347/src/android/security/cts/CVE_2022_20347/DeviceTest.java +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20347/src/android/security/cts/CVE_2022_20347/DeviceTest.java @@ -63,25 +63,20 @@ public class DeviceTest { return mContext.getResources().getInteger(resId); } + void switchBluetoothMode(String action) { + Intent intent = new Intent(mContext, PocActivity.class); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + intent.putExtra(mContext.getString(R.string.btAction), action); + mContext.startActivity(intent); + } + @Test public void testBluetoothDiscoverable() { OnSharedPreferenceChangeListener sharedPrefListener; SharedPreferences sharedPrefs; boolean btState = false; try { - BluetoothAdapter btAdapter = BluetoothAdapter.getDefaultAdapter(); - - // Save the state of bluetooth adapter to reset after the test - btState = btAdapter.isEnabled(); - - // If bluetooth is disabled, enable it and wait for start activity to complete mContext = InstrumentationRegistry.getInstrumentation().getContext(); - Intent intent = new Intent(mContext, PocActivity.class); - intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); - intent.putExtra(mContext.getString(R.string.btAction), - BluetoothAdapter.ACTION_REQUEST_ENABLE); - mContext.startActivity(intent); - Resources resources = mContext.getResources(); sharedPrefs = mContext.getSharedPreferences( resources.getString(R.string.sharedPreferences), Context.MODE_APPEND); @@ -96,6 +91,25 @@ public class DeviceTest { } }; sharedPrefs.registerOnSharedPreferenceChangeListener(sharedPrefListener); + BluetoothAdapter btAdapter = BluetoothAdapter.getDefaultAdapter(); + + // Save the state of bluetooth adapter to reset after the test + btState = btAdapter.isEnabled(); + + // Disable bluetooth if already enabled in 'SCAN_MODE_CONNECTABLE_DISCOVERABLE' mode + if (btAdapter.getScanMode() == btAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE) { + switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_DISABLE); + assumeTrue(mPreferenceChanged.tryAcquire(getInteger(R.integer.timeoutMs), + TimeUnit.MILLISECONDS)); + int result = sharedPrefs.getInt(resources.getString(R.string.resultKey), + resources.getInteger(R.integer.assumptionFailure)); + String message = sharedPrefs.getString(resources.getString(R.string.messageKey), + resources.getString(R.string.defaultSemaphoreMsg)); + assumeTrue(message, result != resources.getInteger(R.integer.assumptionFailure)); + } + + // Enable bluetooth if in disabled state + switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_ENABLE); assumeTrue(mPreferenceChanged.tryAcquire(getInteger(R.integer.timeoutMs), TimeUnit.MILLISECONDS)); int result = sharedPrefs.getInt(resources.getString(R.string.resultKey), @@ -107,6 +121,9 @@ public class DeviceTest { // Checking if bluetooth is enabled. The test requires bluetooth to be enabled assumeTrue(btAdapter.isEnabled()); + // Checking if bluetooth mode is not set to SCAN_MODE_CONNECTABLE_DISCOVERABLE + assumeTrue(btAdapter.getScanMode() != btAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE); + // Launch bluetooth settings which is supposed to set scan mode to // SCAN_MODE_CONNECTABLE_DISCOVERABLE if vulnerability is present UiAutomation uiautomation = @@ -114,7 +131,7 @@ public class DeviceTest { uiautomation .adoptShellPermissionIdentity(android.Manifest.permission.MODIFY_PHONE_STATE); String settingsPkg = getSettingsPkgName(); - intent = new Intent(); + Intent intent = new Intent(); intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); intent.setData(Uri.parse(mContext.getString(R.string.uri))); intent.setClassName(settingsPkg, settingsPkg + mContext.getString(R.string.className)); @@ -135,11 +152,7 @@ public class DeviceTest { try { // Disable bluetooth if it was OFF before the test if (!btState) { - Intent intent = new Intent(mContext, PocActivity.class); - intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); - intent.putExtra(mContext.getString(R.string.btAction), - BluetoothAdapter.ACTION_REQUEST_DISABLE); - mContext.startActivity(intent); + switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_DISABLE); assumeTrue(mPreferenceChanged.tryAcquire(getInteger(R.integer.timeoutMs), TimeUnit.MILLISECONDS)); } diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/Android.bp new file mode 100644 index 00000000000..b07e9f27603 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/Android.bp @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2022-20348", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.core", + "androidx.test.rules", + "androidx.test.uiautomator_uiautomator", + ], + sdk_version: "current", +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/AndroidManifest.xml new file mode 100644 index 00000000000..ec6a7752482 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/AndroidManifest.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.CVE_2022_20348" + android:versionCode="1" + android:versionName="1.0"> + <application> + <receiver android:name=".PocDeviceAdminReceiver" + android:permission="android.permission.BIND_DEVICE_ADMIN" + android:exported="true"> + <meta-data android:name="android.app.device_admin" + android:resource="@xml/device_policies" /> + <intent-filter> + <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" /> + </intent-filter> + </receiver> + </application> + + <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2022_20348" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/values/strings.xml new file mode 100644 index 00000000000..e79968d7bb8 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/values/strings.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<resources> + <string name="wifiScanningPattern">.*wi.fi scanning.*</string> + <string name="wifiScanningTimedOut">Timed out waiting on the text \'Wi-fi scanning\' to appear + </string> + <string name="failMsg">Device is vulnerable to b/228315529 !!</string> + <string name="locationIntentAction">android.settings.LOCATION_SCANNING_SETTINGS</string> + <string name="resWifiScanning">android:id/title</string> + <string name="setUserRestrictionFailed">Failed to set user restriction + UserManager.DISALLOW_CONFIG_LOCATION</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/xml/device_policies.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/xml/device_policies.xml new file mode 100644 index 00000000000..65ce601d65f --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/xml/device_policies.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<device-admin xmlns:android="http://schemas.android.com/apk/res/android"> + <uses-policies> + </uses-policies> +</device-admin> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/DeviceTest.java new file mode 100644 index 00000000000..9cdb35d6704 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/DeviceTest.java @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20348; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; + +import android.app.admin.DevicePolicyManager; +import android.content.ComponentName; +import android.content.Context; +import android.content.Intent; +import android.os.UserManager; + +import androidx.test.runner.AndroidJUnit4; +import androidx.test.uiautomator.By; +import androidx.test.uiautomator.UiDevice; +import androidx.test.uiautomator.UiObject2; +import androidx.test.uiautomator.Until; + +import org.junit.After; +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + Context mContext; + UiDevice mDevice; + DevicePolicyManager mDevicePolicyManager; + ComponentName mComponentName; + static final String USER_RESTRICTION = UserManager.DISALLOW_CONFIG_LOCATION; + static final int UI_TIMEOUT_MS = 5000; + + String getStringRes(int key) { + return mContext.getResources().getString(key); + } + + int getIntegerRes(int key) { + return mContext.getResources().getInteger(key); + } + + @After + public void tearDown() { + try { + /* Return to home screen after test */ + mDevice.pressHome(); + + /* + * Clear user restriction "DISALLOW_CONFIG_LOCATION" set by the test and also clear the + * app as device owner. + */ + mDevicePolicyManager.clearUserRestriction(mComponentName, USER_RESTRICTION); + mDevicePolicyManager.clearDeviceOwnerApp(mContext.getPackageName()); + } catch (Exception e) { + // ignore the exception as the test is already complete + } + } + + @Test + public void testWifiScanningDisallowed() { + try { + mDevice = UiDevice.getInstance(getInstrumentation()); + mContext = getApplicationContext(); + mDevicePolicyManager = mContext.getSystemService(DevicePolicyManager.class); + mComponentName = new ComponentName(PocDeviceAdminReceiver.class.getPackage().getName(), + PocDeviceAdminReceiver.class.getName()); + mDevicePolicyManager.addUserRestriction(mComponentName, USER_RESTRICTION); + UserManager userManager = mContext.getSystemService(UserManager.class); + assumeTrue(getStringRes(R.string.setUserRestrictionFailed), + userManager.getUserRestrictions().getBoolean(USER_RESTRICTION)); + + /* Start the window that contains option to toggle "Wi-Fi scanning" on/off */ + Intent intent = new Intent(getStringRes(R.string.locationIntentAction)); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + mContext.startActivity(intent); + + /* Wait for the window that contains option to toggle "Wi-Fi scanning" */ + Pattern wifiScanningPattern = Pattern + .compile(getStringRes(R.string.wifiScanningPattern), Pattern.CASE_INSENSITIVE); + boolean wifiScanningFound = mDevice.wait(Until.hasObject( + By.text(wifiScanningPattern).res(getStringRes(R.string.resWifiScanning))), + UI_TIMEOUT_MS); + assumeTrue(getStringRes(R.string.wifiScanningTimedOut), wifiScanningFound); + + /* + * Check if the toggle "Wi-Fi scanning" is enabled, it is supposed to be disabled by + * the Device Admin in presence of fix + */ + UiObject2 wifiScanningToggle = mDevice.findObject( + By.text(wifiScanningPattern).res(getStringRes(R.string.resWifiScanning))); + assertFalse(getStringRes(R.string.failMsg), wifiScanningToggle.isEnabled()); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/PocDeviceAdminReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/PocDeviceAdminReceiver.java new file mode 100644 index 00000000000..129a6b52dc8 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/PocDeviceAdminReceiver.java @@ -0,0 +1,22 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20348; + +import android.app.admin.DeviceAdminReceiver; + +public class PocDeviceAdminReceiver extends DeviceAdminReceiver { +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp new file mode 100644 index 00000000000..2accd9e4dc7 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2022-20349", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.core", + "androidx.test.rules", + "androidx.test.uiautomator_uiautomator", + ], + sdk_version: "current", +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml new file mode 100644 index 00000000000..a59d1d14fd4 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.CVE_2022_20349" + android:versionCode="1" + android:versionName="1.0"> + <application> + <receiver android:name=".PocDeviceAdminReceiver" + android:permission="android.permission.BIND_DEVICE_ADMIN" + android:exported="true"> + <meta-data android:name="android.app.device_admin" + android:resource="@xml/device_policies" /> + <intent-filter> + <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" /> + </intent-filter> + </receiver> + </application> + + <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2022_20349" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml new file mode 100644 index 00000000000..78fc6ccef47 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<resources> + <string name="btScanningPattern">.*bluetooth scanning.*</string> + <string name="btScanningTimedOut">Timed out waiting on the text \'Bluetooth scanning\' to appear + </string> + <string name="failMsg">Device is vulnerable to b/228315522 !!</string> + <string name="locationIntentAction">android.settings.LOCATION_SCANNING_SETTINGS</string> + <string name="resBtScanning">android:id/title</string> + <string name="setUserRestrictionFailed">Failed to set user restriction + UserManager.DISALLOW_CONFIG_LOCATION</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml new file mode 100644 index 00000000000..65ce601d65f --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<device-admin xmlns:android="http://schemas.android.com/apk/res/android"> + <uses-policies> + </uses-policies> +</device-admin> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java new file mode 100644 index 00000000000..b5083e9671f --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java @@ -0,0 +1,118 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20349; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; + +import android.app.admin.DevicePolicyManager; +import android.content.ComponentName; +import android.content.Context; +import android.content.Intent; +import android.os.UserManager; + +import androidx.test.runner.AndroidJUnit4; +import androidx.test.uiautomator.By; +import androidx.test.uiautomator.UiDevice; +import androidx.test.uiautomator.UiObject2; +import androidx.test.uiautomator.Until; + +import org.junit.After; +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.regex.Pattern; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + Context mContext; + UiDevice mDevice; + DevicePolicyManager mDevicePolicyManager; + ComponentName mComponentName; + static final String USER_RESTRICTION = UserManager.DISALLOW_CONFIG_LOCATION; + static final int UI_TIMEOUT_MS = 5000; + + String getStringRes(int key) { + return mContext.getResources().getString(key); + } + + int getIntegerRes(int key) { + return mContext.getResources().getInteger(key); + } + + @After + public void tearDown() { + try { + /* Return to home screen after test */ + mDevice.pressHome(); + + /* + * Clear user restriction "DISALLOW_CONFIG_LOCATION" set by the test and also clear the + * app as device owner. + */ + mDevicePolicyManager.clearUserRestriction(mComponentName, USER_RESTRICTION); + mDevicePolicyManager.clearDeviceOwnerApp(mContext.getPackageName()); + } catch (Exception e) { + // ignore the exception as the test is already complete + } + } + + @Test + public void testBluetoothScanningDisallowed() { + try { + mDevice = UiDevice.getInstance(getInstrumentation()); + mContext = getApplicationContext(); + mDevicePolicyManager = + mContext.getSystemService(DevicePolicyManager.class); + mComponentName = + new ComponentName(PocDeviceAdminReceiver.class.getPackage().getName(), + PocDeviceAdminReceiver.class.getName()); + mDevicePolicyManager.addUserRestriction(mComponentName, USER_RESTRICTION); + UserManager userManager = mContext.getSystemService(UserManager.class); + assumeTrue(getStringRes(R.string.setUserRestrictionFailed), + userManager.getUserRestrictions().getBoolean(USER_RESTRICTION)); + + /* Start the window that contains option to toggle "Bluetooth scanning" on/off */ + Intent intent = new Intent(getStringRes(R.string.locationIntentAction)); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + mContext.startActivity(intent); + + /* Wait for the window that contains option to toggle "Bluetooth scanning" */ + Pattern btScanningPattern = Pattern.compile(getStringRes(R.string.btScanningPattern), + Pattern.CASE_INSENSITIVE); + boolean btScanningFound = mDevice.wait( + Until.hasObject( + By.text(btScanningPattern).res(getStringRes(R.string.resBtScanning))), + UI_TIMEOUT_MS); + assumeTrue(getStringRes(R.string.btScanningTimedOut), btScanningFound); + + /* + * Check if the toggle "Bluetooth scanning" is enabled, it is supposed to be disabled by + * the Device Admin in presence of fix + */ + UiObject2 btScanningToggle = mDevice.findObject( + By.text(btScanningPattern).res(getStringRes(R.string.resBtScanning))); + assertFalse(getStringRes(R.string.failMsg), btScanningToggle.isEnabled()); + } catch (Exception e) { + assumeNoException(e); + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java new file mode 100644 index 00000000000..145307126e7 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java @@ -0,0 +1,22 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20349; + +import android.app.admin.DeviceAdminReceiver; + +public class PocDeviceAdminReceiver extends DeviceAdminReceiver { +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/Android.bp new file mode 100644 index 00000000000..37d35eb74f2 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/Android.bp @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2022-20353", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.core", + "androidx.test.rules", + "androidx.test.uiautomator_uiautomator", + ], + sdk_version: "current", +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/AndroidManifest.xml new file mode 100644 index 00000000000..d4129ac8823 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/AndroidManifest.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.CVE_2022_20353"> + <application + android:label="@string/appName" + android:supportsRtl="true"> + <activity + android:name=".PocActivity" + android:exported="true"> + <intent-filter> + <action android:name="android.intent.action.RINGTONE_PICKER" /> + <category android:name="android.intent.category.DEFAULT" /> + </intent-filter> + </activity> + </application> + <instrumentation + android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2022_20353" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/integers.xml new file mode 100644 index 00000000000..3207c29a0bd --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/integers.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <integer name="assumptionFailure">-1</integer> + <integer name="success">0</integer> + <integer name="timeoutMs">20000</integer> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/strings.xml new file mode 100644 index 00000000000..27e87f65446 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/strings.xml @@ -0,0 +1,38 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <string name="alwaysButtonId">android:id/button_always</string> + <string name="appName">CVE-2022-20353</string> + <string name="defaultSemaphoreMsg">Could not get message key in shared preferences</string> + <string name="failureMessage"> + Device is vulnerable to b/221041256!! Privilege escalation possible in + com.android.settings.DefaultRingtonePreference + </string> + <string name="fileName">NOTICE.html</string> + <string name="getRingtoneCmd">settings get system ringtone</string> + <string name="messageKey">message</string> + <string name="noticeUri"> + content://com.android.settings.files/my_cache/NOTICE.html + </string> + <string name="resType">string</string> + <string name="resultKey">result</string> + <string name="setRingtoneCmd">settings put system ringtone</string> + <string name="sharedPreferences">sharedPreferences</string> + <string name="textResId">ringtone_title</string> + <string name="uiObjectNotFoundMsg">Unable to find UiObject with %1$s text/id</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/DeviceTest.java new file mode 100644 index 00000000000..af1f9782ab0 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/DeviceTest.java @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20353; + +import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; +import static org.junit.Assert.assertFalse; +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; + +import android.content.Context; +import android.content.Intent; +import android.content.SharedPreferences; +import android.content.SharedPreferences.OnSharedPreferenceChangeListener; +import android.content.res.Resources; +import android.provider.Settings; + +import androidx.test.runner.AndroidJUnit4; +import androidx.test.uiautomator.By; +import androidx.test.uiautomator.BySelector; +import androidx.test.uiautomator.UiDevice; +import androidx.test.uiautomator.UiScrollable; +import androidx.test.uiautomator.UiSelector; +import androidx.test.uiautomator.Until; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.concurrent.Semaphore; +import java.util.concurrent.TimeUnit; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + Resources mResources; + UiDevice mDevice; + Context mContext; + + // Wait for UiObject to appear and click on the UiObject if it is visible + private boolean clickUiObject(BySelector selector) { + boolean objectFound = + mDevice.wait(Until.hasObject(selector), mResources.getInteger(R.integer.timeoutMs)); + if (objectFound) { + mDevice.findObject(selector).click(); + } + return objectFound; + } + + @Test + public void testDefaultRingtonePreference() { + String defaultRingtone = null; + try { + mDevice = UiDevice.getInstance(getInstrumentation()); + mContext = getInstrumentation().getContext(); + mResources = mContext.getResources(); + defaultRingtone = + mDevice.executeShellCommand(mContext.getString(R.string.getRingtoneCmd)); + + Intent intent = new Intent(Settings.ACTION_SOUND_SETTINGS); + intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + mContext.startActivity(intent); + + String settingsPackageName = + intent.resolveActivity(mContext.getPackageManager()).getPackageName(); + Context settingsContext = mContext.createPackageContext(settingsPackageName, + Context.CONTEXT_IGNORE_SECURITY); + Resources res = settingsContext.getPackageManager() + .getResourcesForApplication(settingsPackageName); + String text = settingsContext + .getString(res.getIdentifier(mContext.getString(R.string.textResId), + mContext.getString(R.string.resType), settingsPackageName)); + // scroll until text 'Phone ringtone' is visible + UiScrollable uiScrollable = new UiScrollable(new UiSelector().scrollable(true)); + uiScrollable.scrollTextIntoView(text); + // click on 'Phone ringtone' + BySelector selector = By.text(text); + assumeTrue(mContext.getString(R.string.uiObjectNotFoundMsg, text), + clickUiObject(selector)); + // select CTS PoC app + text = mContext.getString(R.string.appName); + selector = By.text(text); + assumeTrue(mContext.getString(R.string.uiObjectNotFoundMsg, text), + clickUiObject(selector)); + // select 'Always' + String resId = mContext.getString(R.string.alwaysButtonId); + selector = By.res(resId); + assumeTrue(mContext.getString(R.string.uiObjectNotFoundMsg, resId), + clickUiObject(selector)); + + SharedPreferences sharedPrefs = mContext.getSharedPreferences( + mContext.getString(R.string.sharedPreferences), Context.MODE_APPEND); + Semaphore preferenceChanged = new Semaphore(0); + OnSharedPreferenceChangeListener sharedPrefListener = + new OnSharedPreferenceChangeListener() { + @Override + public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, + String key) { + if (key.equals(mContext.getString(R.string.resultKey))) { + preferenceChanged.release(); + } + } + }; + sharedPrefs.registerOnSharedPreferenceChangeListener(sharedPrefListener); + // wait for PocActivity to complete + assumeTrue(preferenceChanged.tryAcquire(mResources.getInteger(R.integer.timeoutMs), + TimeUnit.MILLISECONDS)); + int result = sharedPrefs.getInt(mContext.getString(R.string.resultKey), + mResources.getInteger(R.integer.assumptionFailure)); + String message = sharedPrefs.getString(mContext.getString(R.string.messageKey), + mContext.getString(R.string.defaultSemaphoreMsg)); + assumeTrue(message, result != mResources.getInteger(R.integer.assumptionFailure)); + + String ringtoneUri = ""; + boolean isVulnerable = false; + long startTime = System.currentTimeMillis(); + while ((System.currentTimeMillis() - startTime) < mResources + .getInteger(R.integer.timeoutMs)) { + ringtoneUri = + mDevice.executeShellCommand(mContext.getString(R.string.getRingtoneCmd)); + if (ringtoneUri.contains(mContext.getString(R.string.fileName))) { + isVulnerable = true; + break; + } + } + assertFalse(mContext.getString(R.string.failureMessage), isVulnerable); + } catch (Exception e) { + assumeNoException(e); + } finally { + try { + // reset ringtone to default (other than 'null') present before test + mDevice.executeShellCommand( + mContext.getString(R.string.setRingtoneCmd) + " " + defaultRingtone); + mDevice.pressHome(); + } catch (Exception e) { + // ignore exception here + } + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/PocActivity.java new file mode 100644 index 00000000000..977e647d2e2 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/PocActivity.java @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20353; + +import android.app.Activity; +import android.content.Context; +import android.content.Intent; +import android.content.SharedPreferences; +import android.media.RingtoneManager; +import android.net.Uri; +import android.os.Bundle; + +/* PocActivity is required in this test since it is required that CTS PoC app is selected when */ +/* choosing an app for setting default ringtone. RingtonePicker appears due to actions done in */ +/* DeviceTest. */ +public class PocActivity extends Activity { + + @Override + protected void onCreate(Bundle savedInstanceState) { + try { + super.onCreate(savedInstanceState); + Intent intent = new Intent(); + /* set NOTICE.html file uri as EXTRA_RINGTONE_PICKED_URI which sets NOTICE.html as */ + /* default ringtone if vulnerability is present */ + intent.putExtra(RingtoneManager.EXTRA_RINGTONE_PICKED_URI, + Uri.parse(getString(R.string.noticeUri))); + setResult(Activity.RESULT_OK, intent); + finish(); + sendTestResult(getResources().getInteger(R.integer.success), ""); + } catch (Exception e) { + sendTestResult(getResources().getInteger(R.integer.assumptionFailure), e.getMessage()); + } + } + + void sendTestResult(int result, String message) { + try { + SharedPreferences sh = getSharedPreferences(getString(R.string.sharedPreferences), + Context.MODE_PRIVATE); + SharedPreferences.Editor edit = sh.edit(); + edit.putInt(getString(R.string.resultKey), result); + edit.putString(getString(R.string.messageKey), message); + edit.commit(); + } catch (Exception e) { + // ignore exception here + } + } + +} diff --git a/tests/accessibility/Android.bp b/tests/accessibility/Android.bp index 91ce26b6898..03c7d1b85a7 100644 --- a/tests/accessibility/Android.bp +++ b/tests/accessibility/Android.bp @@ -21,6 +21,7 @@ java_library_static { sdk_version: "test_current", static_libs: [ "compatibility-device-util-axt", + "sts-device-util", ], srcs: ["common/src/**/*.java"], } @@ -39,6 +40,7 @@ android_test { test_suites: [ "cts", "general-tests", + "sts", ], sdk_version: "test_current", } diff --git a/tests/accessibility/AndroidManifest.xml b/tests/accessibility/AndroidManifest.xml index bf3b1a82567..056ca59ec8a 100644 --- a/tests/accessibility/AndroidManifest.xml +++ b/tests/accessibility/AndroidManifest.xml @@ -60,6 +60,17 @@ android:resource="@xml/speaking_and_vibrating_accessibilityservice"/> </service> + <service android:name=".NoFeedbackAccessibilityService" + android:label="@string/title_no_feedback_accessibility_service" + android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE" + android:exported="true"> + <intent-filter> + <action android:name="android.accessibilityservice.AccessibilityService"/> + </intent-filter> + <meta-data android:name="android.accessibilityservice" + android:resource="@xml/no_feedback_accessibilityservice"/> + </service> + <service android:name=".AccessibilityButtonService" android:label="@string/title_accessibility_button_service" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE" diff --git a/tests/accessibility/res/values/strings.xml b/tests/accessibility/res/values/strings.xml index 40c33591b7c..4c8cca9847b 100644 --- a/tests/accessibility/res/values/strings.xml +++ b/tests/accessibility/res/values/strings.xml @@ -26,6 +26,9 @@ <!-- String title for the vibrating accessibility service --> <string name="title_speaking_and_vibrating_accessibility_service">Speaking and Vibrating Accessibility Service</string> + <!-- String title for the no-feedback accessibility service --> + <string name="title_no_feedback_accessibility_service">No-Feedback Accessibility Service</string> + <!-- String title for the accessibility button service --> <string name="title_accessibility_button_service">Accessibility Button Service</string> diff --git a/apps/MainlineModuleDetector/AndroidManifest.xml b/tests/accessibility/res/xml/no_feedback_accessibilityservice.xml index dce1cae6ccc..168e5845031 100644 --- a/apps/MainlineModuleDetector/AndroidManifest.xml +++ b/tests/accessibility/res/xml/no_feedback_accessibilityservice.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="utf-8"?> -<!-- Copyright (C) 2019 The Android Open Source Project +<!-- Copyright (C) 2022 The Android Open Source Project Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -13,19 +13,4 @@ See the License for the specific language governing permissions and limitations under the License. --> - -<manifest xmlns:android="http://schemas.android.com/apk/res/android" - package="com.android.cts.mainlinemoduledetector" - android:versionCode="1" - android:versionName="1.0"> - - <application> - <activity android:name=".MainlineModuleDetector" - android:exported="true"> - <intent-filter> - <action android:name="android.intent.action.MAIN"/> - <category android:name="android.intent.category.LAUNCHER"/> - </intent-filter> - </activity> - </application> -</manifest> +<accessibility-service xmlns:android="http://schemas.android.com/apk/res/android"/> diff --git a/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java b/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java index f1eab6cdfc5..5f9d5013564 100644 --- a/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java +++ b/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java @@ -34,6 +34,7 @@ import android.app.UiAutomation; import android.content.Context; import android.content.pm.ServiceInfo; import android.os.Handler; +import android.platform.test.annotations.AsbSecurityTest; import android.view.accessibility.AccessibilityEvent; import android.view.accessibility.AccessibilityManager; import android.view.accessibility.AccessibilityManager.AccessibilityStateChangeListener; @@ -42,6 +43,8 @@ import android.view.accessibility.AccessibilityManager.TouchExplorationStateChan import androidx.test.InstrumentationRegistry; import androidx.test.runner.AndroidJUnit4; +import com.android.sts.common.util.StsExtraBusinessLogicTestCase; + import com.android.compatibility.common.util.PollingCheck; import com.android.compatibility.common.util.SystemUtil; @@ -59,7 +62,7 @@ import java.util.concurrent.atomic.AtomicBoolean; * Class for testing {@link AccessibilityManager}. */ @RunWith(AndroidJUnit4.class) -public class AccessibilityManagerTest { +public class AccessibilityManagerTest extends StsExtraBusinessLogicTestCase { private AccessibilityDumpOnFailureRule mDumpOnFailureRule = new AccessibilityDumpOnFailureRule(); @@ -77,9 +80,15 @@ public class AccessibilityManagerTest { new InstrumentedAccessibilityServiceTestRule<>( SpeakingAndVibratingAccessibilityService.class, false); + private InstrumentedAccessibilityServiceTestRule<NoFeedbackAccessibilityService> + mNoFeedbackAccessibilityServiceRule = + new InstrumentedAccessibilityServiceTestRule<>( + NoFeedbackAccessibilityService.class, false); + @Rule public final RuleChain mRuleChain = RuleChain .outerRule(mSpeakingAndVibratingAccessibilityServiceRule) + .around(mNoFeedbackAccessibilityServiceRule) .around(mVibratingAccessibilityServiceRule) .around(mSpeakingAccessibilityServiceRule) // Inner rule capture failure and dump data before finishing activity and a11y service @@ -97,6 +106,9 @@ public class AccessibilityManagerTest { private static final String MULTIPLE_FEEDBACK_TYPES_ACCESSIBILITY_SERVICE_NAME = "android.view.accessibility.cts.SpeakingAndVibratingAccessibilityService"; + private static final String NO_FEEDBACK_ACCESSIBILITY_SERVICE_NAME = + "android.view.accessibility.cts.NoFeedbackAccessibilityService"; + public static final String ACCESSIBILITY_NON_INTERACTIVE_UI_TIMEOUT_MS = "accessibility_non_interactive_ui_timeout_ms"; @@ -202,6 +214,26 @@ public class AccessibilityManagerTest { assertTrue("The vibrating service should be enabled.", vibratingServiceEnabled); } + @AsbSecurityTest(cveBugId = {243849844}) + @Test + public void testGetEnabledAccessibilityServiceList_NoFeedback() { + mNoFeedbackAccessibilityServiceRule.enableService(); + List<AccessibilityServiceInfo> enabledServices = + mAccessibilityManager.getEnabledAccessibilityServiceList( + AccessibilityServiceInfo.FEEDBACK_ALL_MASK); + boolean noFeedbackServiceEnabled = false; + final int serviceCount = enabledServices.size(); + for (int i = 0; i < serviceCount; i++) { + AccessibilityServiceInfo enabledService = enabledServices.get(i); + ServiceInfo serviceInfo = enabledService.getResolveInfo().serviceInfo; + if (mTargetContext.getPackageName().equals(serviceInfo.packageName) + && NO_FEEDBACK_ACCESSIBILITY_SERVICE_NAME.equals(serviceInfo.name)) { + noFeedbackServiceEnabled = true; + } + } + assertTrue("The no-feedback service should be enabled.", noFeedbackServiceEnabled); + } + @Test public void testGetEnabledAccessibilityServiceListForType() throws Exception { mSpeakingAccessibilityServiceRule.enableService(); diff --git a/tests/accessibility/src/android/view/accessibility/cts/NoFeedbackAccessibilityService.java b/tests/accessibility/src/android/view/accessibility/cts/NoFeedbackAccessibilityService.java new file mode 100644 index 00000000000..0c79ae41515 --- /dev/null +++ b/tests/accessibility/src/android/view/accessibility/cts/NoFeedbackAccessibilityService.java @@ -0,0 +1,29 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.view.accessibility.cts; + +import android.accessibility.cts.common.InstrumentedAccessibilityService; +import android.content.ComponentName; + +/** + * Stub accessibility service that reports itself as providing no feedback. + */ +public class NoFeedbackAccessibilityService extends InstrumentedAccessibilityService { + public static final ComponentName COMPONENT_NAME = new ComponentName( + "android.view.accessibility.cts", + "android.view.accessibility.cts.NoFeedbackAccessibilityService"); +} diff --git a/tests/framework/base/windowmanager/AndroidManifest.xml b/tests/framework/base/windowmanager/AndroidManifest.xml index 287e67cb003..97c6d9734cc 100644 --- a/tests/framework/base/windowmanager/AndroidManifest.xml +++ b/tests/framework/base/windowmanager/AndroidManifest.xml @@ -461,6 +461,10 @@ <activity android:name="android.server.wm.WindowInputTests$TestActivity" /> + <activity android:name="android.server.wm.ActivityRecordInputSinkTestsActivity" + android:theme="@android:style/Theme.Material.NoActionBar" + android:exported="true"/> + <service android:name="android.view.cts.surfacevalidator.LocalMediaProjectionService" android:foregroundServiceType="mediaProjection" android:enabled="true"> diff --git a/tests/framework/base/windowmanager/backgroundactivity/AppA/AndroidManifest.xml b/tests/framework/base/windowmanager/backgroundactivity/AppA/AndroidManifest.xml index c0180004009..d4de7b1e804 100755 --- a/tests/framework/base/windowmanager/backgroundactivity/AppA/AndroidManifest.xml +++ b/tests/framework/base/windowmanager/backgroundactivity/AppA/AndroidManifest.xml @@ -48,5 +48,7 @@ <activity android:name=".PipActivity" android:exported="true" android:supportsPictureInPicture="true"/> + <activity android:name=".VirtualDisplayActivity" + android:exported="true"/> </application> </manifest> diff --git a/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java b/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java new file mode 100644 index 00000000000..5461305f2d0 --- /dev/null +++ b/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.server.wm.backgroundactivity.appa; + +import android.app.Presentation; +import android.hardware.display.DisplayManager; +import android.hardware.display.VirtualDisplay; +import android.os.Bundle; + +public class VirtualDisplayActivity extends RelaunchingActivity { + + @Override + protected void onCreate(Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + createVirtualDisplayAndShowPresentation(); + } + + private void createVirtualDisplayAndShowPresentation() { + VirtualDisplay virtualDisplay = getSystemService(DisplayManager.class).createVirtualDisplay( + "VirtualDisplay1", 10, 10, 10, null, 0); + new Presentation(getBaseContext(), virtualDisplay.getDisplay()).show(); + } +} diff --git a/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java b/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java index d46e9224395..65e4d715003 100644 --- a/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java +++ b/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java @@ -97,6 +97,9 @@ public class BackgroundActivityLaunchTest extends ActivityManagerTestBase { public static final ComponentName APP_A_PIP_ACTIVITY = new ComponentName(TEST_PACKAGE_APP_A, "android.server.wm.backgroundactivity.appa.PipActivity"); + public static final ComponentName APP_A_VIRTUAL_DISPLAY_ACTIVITY = + new ComponentName(TEST_PACKAGE_APP_A, + "android.server.wm.backgroundactivity.appa.VirtualDisplayActivity"); private static final String SHELL_PACKAGE = "com.android.shell"; /** @@ -547,6 +550,24 @@ public class BackgroundActivityLaunchTest extends ActivityManagerTestBase { assertActivityNotResumed(); } + // Check that a presentation on a virtual display won't allow BAL after pressing home. + @Test + public void testVirtualDisplayCannotStartAfterHomeButton() throws Exception { + Intent intent = new Intent(); + intent.setComponent(APP_A_VIRTUAL_DISPLAY_ACTIVITY); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + mContext.startActivity(intent); + + assertTrue("VirtualDisplay activity not started", waitUntilForegroundChanged( + TEST_PACKAGE_APP_A, true, ACTIVITY_START_TIMEOUT_MS)); + + // Click home button, and test app activity onPause() will trigger which tries to launch + // the background activity. + pressHomeAndWaitHomeResumed(); + + assertActivityNotResumed(); + } + private void pressHomeAndWaitHomeResumed() { pressHomeButton(); mWmState.waitForHomeActivityVisible(); diff --git a/tests/framework/base/windowmanager/overlayappbase/AndroidManifest.xml b/tests/framework/base/windowmanager/overlayappbase/AndroidManifest.xml index 3a608dc366e..40910d7ecb4 100644 --- a/tests/framework/base/windowmanager/overlayappbase/AndroidManifest.xml +++ b/tests/framework/base/windowmanager/overlayappbase/AndroidManifest.xml @@ -19,22 +19,29 @@ package="android.server.wm.overlay"> <!-- We use SAWs to create obscuring windows for test WindowUntrustedTouchTest --> - <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" /> + <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/> <application> <service android:name="android.server.wm.overlay.UntrustedTouchTestService" - android:exported="true" /> + android:exported="true"/> <activity android:name="android.server.wm.overlay.OverlayActivity" android:theme="@android:style/Theme.Translucent" - android:exported="true" /> + android:exported="true"/> <activity android:name="android.server.wm.overlay.ExitAnimationActivity" - android:exported="true" /> + android:exported="true"/> <activity android:name="android.server.wm.overlay.ToastActivity" - android:exported="true" /> + android:exported="true"/> + <activity + android:name="android.server.wm.overlay.TrampolineActivity" + android:exported="true"/> + <activity + android:name="android.server.wm.overlay.TranslucentFloatingActivity" + android:theme="@style/TranslucentFloatingTheme" + android:exported="true"/> </application> </manifest> diff --git a/tests/framework/base/windowmanager/overlayappbase/res/anim/fade.xml b/tests/framework/base/windowmanager/overlayappbase/res/anim/fade.xml new file mode 100644 index 00000000000..be65f81cd29 --- /dev/null +++ b/tests/framework/base/windowmanager/overlayappbase/res/anim/fade.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Copyright (C) 2008 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<alpha xmlns:android="http://schemas.android.com/apk/res/android" + android:fromAlpha="1.0" + android:toAlpha="0.0" + android:duration="3000" /> diff --git a/tests/framework/base/windowmanager/overlayappbase/res/values/styles.xml b/tests/framework/base/windowmanager/overlayappbase/res/values/styles.xml new file mode 100644 index 00000000000..fd7ccc2ea3c --- /dev/null +++ b/tests/framework/base/windowmanager/overlayappbase/res/values/styles.xml @@ -0,0 +1,23 @@ +<!-- + ~ Copyright (C) 2018 The Android Open Source Project + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<resources> + <style name="TranslucentFloatingTheme" > + <item name="android:windowIsTranslucent">true</item> + <item name="android:windowIsFloating">true</item> + <item name="android:windowNoTitle">true</item> + </style> +</resources> diff --git a/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/Components.java b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/Components.java index beff6c1ac1c..499d590b616 100644 --- a/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/Components.java +++ b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/Components.java @@ -17,6 +17,7 @@ package android.server.wm.overlay; import android.content.ComponentName; +import android.os.Bundle; import android.server.wm.component.ComponentsBase; @@ -51,6 +52,33 @@ public class Components extends ComponentsBase { ComponentName COMPONENT = component("ToastActivity"); } + public interface TranslucentFloatingActivity { + String ACTION_FINISH = + "android.server.wm.overlay.TranslucentFloatingActivity.ACTION_FINISH"; + String EXTRA_FADE_EXIT = + "android.server.wm.overlay.TranslucentFloatingActivity.ACTION_FINISH_FADE_EXIT"; + ComponentName BASE_COMPONENT = component("TranslucentFloatingActivity"); + static ComponentName getComponent(String packageName) { + return new ComponentName(packageName, BASE_COMPONENT.getClassName()); + } + } + + public interface TrampolineActivity { + ComponentName BASE_COMPONENT = component("TrampolineActivity"); + String COMPONENTS_EXTRA = "components_extra"; + + static ComponentName getComponent(String packageName) { + return new ComponentName(packageName, BASE_COMPONENT.getClassName()); + } + + static Bundle buildTrampolineExtra(ComponentName... componentNames) { + Bundle trampolineTarget = new Bundle(); + trampolineTarget.putParcelableArray(COMPONENTS_EXTRA, componentNames); + return trampolineTarget; + } + + } + private static ComponentName component(String className) { return component(Components.class, className); } diff --git a/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TrampolineActivity.java b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TrampolineActivity.java new file mode 100644 index 00000000000..a7be8babd27 --- /dev/null +++ b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TrampolineActivity.java @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.server.wm.overlay; + +import android.app.Activity; +import android.content.ComponentName; +import android.content.Intent; +import android.os.Bundle; +import android.os.Parcelable; + +public class TrampolineActivity extends Activity { + + @Override + protected void onCreate(Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + Parcelable[] componentNames = getIntent().getParcelableArrayExtra( + Components.TrampolineActivity.COMPONENTS_EXTRA); + for (Parcelable parcel : componentNames) { + ComponentName componentName = (ComponentName) parcel; + Intent intent = new Intent(); + intent.setComponent(componentName); + startActivity(intent); + } + finish(); + } + +} diff --git a/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TranslucentFloatingActivity.java b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TranslucentFloatingActivity.java new file mode 100644 index 00000000000..e6249acc87d --- /dev/null +++ b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TranslucentFloatingActivity.java @@ -0,0 +1,63 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.server.wm.overlay; + +import android.app.Activity; +import android.content.BroadcastReceiver; +import android.content.Context; +import android.content.Intent; +import android.content.IntentFilter; +import android.graphics.Color; +import android.os.Bundle; +import android.view.Gravity; +import android.view.WindowManager; +import android.widget.LinearLayout; + +public class TranslucentFloatingActivity extends Activity { + + @Override + protected void onCreate(Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + + LinearLayout tv = new LinearLayout(this); + tv.setBackgroundColor(Color.GREEN); + tv.setPadding(50, 50, 50, 50); + tv.setGravity(Gravity.CENTER); + setContentView(tv); + + getWindow().addFlags(WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL); + getWindow().clearFlags(WindowManager.LayoutParams.FLAG_DIM_BEHIND); + + registerReceiver(mReceiver, + new IntentFilter(Components.TranslucentFloatingActivity.ACTION_FINISH)); + } + + private final BroadcastReceiver mReceiver = new BroadcastReceiver() { + @Override + public void onReceive(Context context, Intent intent) { + if (Components.TranslucentFloatingActivity.ACTION_FINISH.equals(intent.getAction())) { + unregisterReceiver(this); + finish(); + if (intent.getBooleanExtra( + Components.TranslucentFloatingActivity.EXTRA_FADE_EXIT, false)) { + overridePendingTransition(0, R.anim.fade); + } + } + } + }; + +} diff --git a/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTests.java b/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTests.java new file mode 100644 index 00000000000..14aada1c1c1 --- /dev/null +++ b/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTests.java @@ -0,0 +1,190 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.server.wm; + +import static android.server.wm.WindowManagerState.STATE_PAUSED; +import static android.server.wm.WindowManagerState.STATE_RESUMED; +import static android.server.wm.overlay.Components.TranslucentFloatingActivity.ACTION_FINISH; +import static android.server.wm.overlay.Components.TranslucentFloatingActivity.EXTRA_FADE_EXIT; + +import static com.google.common.truth.Truth.assertThat; + +import android.content.ComponentName; +import android.content.Intent; +import android.graphics.Rect; +import android.os.Bundle; +import android.platform.test.annotations.Presubmit; +import android.server.wm.overlay.Components; + +import androidx.annotation.Nullable; + +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +/** + * Build/Install/Run: + * atest CtsWindowManagerDeviceTestCases:ActivityRecordInputSinkTests + */ +@Presubmit +public class ActivityRecordInputSinkTests extends ActivityManagerTestBase { + + private static final String APP_SELF = + WindowUntrustedTouchTest.class.getPackage().getName() + ".cts"; + private static final String APP_A = + android.server.wm.second.Components.class.getPackage().getName(); + + private static final ComponentName TEST_ACTIVITY = + new ComponentName(APP_SELF, "android.server.wm.ActivityRecordInputSinkTestsActivity"); + + private static final ComponentName OVERLAY_IN_SAME_UID = + Components.TranslucentFloatingActivity.getComponent(APP_SELF); + private static final ComponentName OVERLAY_IN_DIFFERENT_UID = + Components.TranslucentFloatingActivity.getComponent(APP_A); + private static final ComponentName TRAMPOLINE_DIFFERENT_UID = + Components.TrampolineActivity.getComponent(APP_A); + + private int mTouchCount; + + @Before + public void setUp() { + ActivityRecordInputSinkTestsActivity.sButtonClickCount.set(0); + } + + @After + public void tearDown() { + stopTestPackage(APP_A); + } + + @Test + public void testOverlappingActivityInNewTask_BlocksTouches() { + launchActivity(TEST_ACTIVITY); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/); + + launchActivityInNewTask(OVERLAY_IN_SAME_UID); + mWmState.waitAndAssertActivityState(OVERLAY_IN_SAME_UID, STATE_RESUMED); + touchButtonsAndAssert(false /*expectTouchesToReachActivity*/); + + mContext.sendBroadcast(new Intent(Components.TranslucentFloatingActivity.ACTION_FINISH)); + mWmState.waitAndAssertActivityRemoved(OVERLAY_IN_SAME_UID); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/); + } + + @Test + public void testOverlappingActivityInSameTaskSameUid_DoesNotBlocksTouches() { + launchActivity(TEST_ACTIVITY); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/); + + launchActivityInSameTask(OVERLAY_IN_SAME_UID); + mWmState.waitAndAssertActivityState(OVERLAY_IN_SAME_UID, STATE_RESUMED); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/); + } + + @Test + public void testOverlappingActivityInSameTaskDifferentUid_DoesNotBlocksTouches() { + launchActivity(TEST_ACTIVITY); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/); + + launchActivityInSameTask(OVERLAY_IN_DIFFERENT_UID); + mWmState.waitAndAssertActivityState(OVERLAY_IN_DIFFERENT_UID, STATE_RESUMED); + mWmState.assertActivityDisplayed(OVERLAY_IN_DIFFERENT_UID); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/); + } + + @Test + public void testOverlappingActivityInSameTaskTrampolineDifferentUid_DoesNotBlockTouches() { + launchActivity(TEST_ACTIVITY); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/); + + launchActivityInSameTask(TRAMPOLINE_DIFFERENT_UID, + Components.TrampolineActivity.buildTrampolineExtra(OVERLAY_IN_DIFFERENT_UID)); + mWmState.waitAndAssertActivityState(OVERLAY_IN_DIFFERENT_UID, STATE_RESUMED); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/); + } + + @Test + public void testOverlappingActivitySandwich_BlocksTouches() { + Intent intent = new Intent(); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + intent.setComponent(TRAMPOLINE_DIFFERENT_UID); + intent.replaceExtras(Components.TrampolineActivity.buildTrampolineExtra(TEST_ACTIVITY, + OVERLAY_IN_DIFFERENT_UID)); + mContext.startActivity(intent); + + mWmState.waitAndAssertActivityState(OVERLAY_IN_DIFFERENT_UID, STATE_RESUMED); + touchButtonsAndAssert(false /*expectTouchesToReachActivity*/, false /*waitForAnimation*/); + + mContext.sendBroadcast(new Intent(Components.TranslucentFloatingActivity.ACTION_FINISH)); + mWmState.waitAndAssertActivityRemoved(OVERLAY_IN_DIFFERENT_UID); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/); + } + + @Test + public void testOverlappingActivitySandwichDuringAnimation_DoesNotBlockTouches() { + Intent intent = new Intent(); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + intent.setComponent(TRAMPOLINE_DIFFERENT_UID); + intent.replaceExtras(Components.TrampolineActivity.buildTrampolineExtra(TEST_ACTIVITY, + OVERLAY_IN_DIFFERENT_UID)); + mContext.startActivity(intent); + + mWmState.waitAndAssertActivityState(OVERLAY_IN_DIFFERENT_UID, STATE_RESUMED); + touchButtonsAndAssert(false /*expectTouchesToReachActivity*/, false /*waitForAnimation*/); + + int displayId = mWmState.getTaskByActivity(OVERLAY_IN_DIFFERENT_UID).mDisplayId; + mContext.sendBroadcast(new Intent(ACTION_FINISH).putExtra(EXTRA_FADE_EXIT, true)); + assertThat(mWmState.waitForAppTransitionRunningOnDisplay(displayId)).isTrue(); + touchButtonsAndAssert(true /*expectTouchesToReachActivity*/, false /*waitForAnimation*/); + } + + private void launchActivityInSameTask(ComponentName componentName) { + launchActivityInSameTask(componentName, null); + } + + private void launchActivityInSameTask(ComponentName componentName, @Nullable Bundle extras) { + Intent intent = new Intent(ActivityRecordInputSinkTestsActivity.LAUNCH_ACTIVITY_ACTION); + intent.putExtra(ActivityRecordInputSinkTestsActivity.COMPONENT_EXTRA, componentName); + intent.putExtra(ActivityRecordInputSinkTestsActivity.EXTRA_EXTRA, extras); + mContext.sendBroadcast(intent); + } + + + private void touchButtonsAndAssert(boolean expectTouchesToReachActivity) { + touchButtonsAndAssert(expectTouchesToReachActivity, true /* waitForAnimation */); + } + + private void touchButtonsAndAssert( + boolean expectTouchesToReachActivity, boolean waitForAnimation) { + int displayId = mWmState.getDisplayByActivity(TEST_ACTIVITY); + WindowManagerState.Activity activity = mWmState.getActivity(TEST_ACTIVITY); + Rect bounds = activity.getBounds(); + bounds.offset(0, -bounds.height() / 3); + mTouchHelper.tapOnCenter(bounds, displayId, waitForAnimation); + mTouchCount += (expectTouchesToReachActivity ? 1 : 0); + mInstrumentation.waitForIdleSync(); + assertThat(ActivityRecordInputSinkTestsActivity.sButtonClickCount.get()) + .isEqualTo(mTouchCount); + + bounds.offset(0, 2 * bounds.height() / 3); + mTouchHelper.tapOnCenter(bounds, displayId, waitForAnimation); + mTouchCount += (expectTouchesToReachActivity ? 1 : 0); + mInstrumentation.waitForIdleSync(); + assertThat(ActivityRecordInputSinkTestsActivity.sButtonClickCount.get()) + .isEqualTo(mTouchCount); + } + +} diff --git a/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTestsActivity.java b/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTestsActivity.java new file mode 100644 index 00000000000..2b6b9289223 --- /dev/null +++ b/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTestsActivity.java @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.server.wm; + +import android.app.Activity; +import android.content.BroadcastReceiver; +import android.content.ComponentName; +import android.content.Context; +import android.content.Intent; +import android.content.IntentFilter; +import android.os.Bundle; +import android.widget.Button; +import android.widget.LinearLayout; + +import java.util.concurrent.atomic.AtomicInteger; + +public class ActivityRecordInputSinkTestsActivity extends Activity { + + static final String LAUNCH_ACTIVITY_ACTION = "launch"; + static final String COMPONENT_EXTRA = "component"; + static final String EXTRA_EXTRA = "extra"; + + Button mTopButton; + Button mBottomButton; + + static volatile AtomicInteger sButtonClickCount = new AtomicInteger(0); + + @Override + protected void onCreate(Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + mTopButton = new Button(this); + mTopButton.setOnClickListener(v -> sButtonClickCount.getAndIncrement()); + mTopButton.setLayoutParams( + new LinearLayout.LayoutParams(LinearLayout.LayoutParams.MATCH_PARENT, + LinearLayout.LayoutParams.MATCH_PARENT)); + setContentView(mTopButton); + } + + @Override + protected void onStart() { + super.onStart(); + registerReceiver(mReceiver, new IntentFilter(LAUNCH_ACTIVITY_ACTION)); + } + + @Override + protected void onStop() { + unregisterReceiver(mReceiver); + super.onStop(); + } + + private final BroadcastReceiver mReceiver = new BroadcastReceiver() { + @Override + public void onReceive(Context context, Intent intent) { + switch (intent.getAction()) { + case LAUNCH_ACTIVITY_ACTION: + Intent activityIntent = new Intent(); + activityIntent.setComponent(intent.getParcelableExtra(COMPONENT_EXTRA)); + activityIntent.replaceExtras(intent.getBundleExtra(EXTRA_EXTRA)); + startActivity(activityIntent); + break; + default: + throw new AssertionError("Unknown action" + intent.getAction()); + } + } + }; + +} diff --git a/tests/framework/base/windowmanager/src/android/server/wm/StartActivityTests.java b/tests/framework/base/windowmanager/src/android/server/wm/StartActivityTests.java index 1ba667290e4..8d668325937 100644 --- a/tests/framework/base/windowmanager/src/android/server/wm/StartActivityTests.java +++ b/tests/framework/base/windowmanager/src/android/server/wm/StartActivityTests.java @@ -21,6 +21,7 @@ import static android.app.WindowConfiguration.ACTIVITY_TYPE_DREAM; import static android.app.WindowConfiguration.ACTIVITY_TYPE_HOME; import static android.app.WindowConfiguration.ACTIVITY_TYPE_RECENTS; import static android.app.WindowConfiguration.ACTIVITY_TYPE_STANDARD; +import static android.content.Intent.FLAG_ACTIVITY_CLEAR_TOP; import static android.content.Intent.FLAG_ACTIVITY_NEW_DOCUMENT; import static android.server.wm.WindowManagerState.STATE_INITIALIZING; import static android.server.wm.WindowManagerState.STATE_STOPPED; @@ -205,12 +206,23 @@ public class StartActivityTests extends ActivityManagerTestBase { */ @Test public void testStartActivityByNavigateUpToFromDiffUid() { - final Intent intent1 = new Intent(mContext, Activities.RegularActivity.class); + final Intent rootIntent = new Intent(mContext, Activities.RegularActivity.class); final String regularActivityName = Activities.RegularActivity.class.getName(); final TestActivitySession<Activities.RegularActivity> activitySession1 = createManagedTestActivitySession(); - activitySession1.launchTestActivityOnDisplaySync(regularActivityName, intent1, + activitySession1.launchTestActivityOnDisplaySync(regularActivityName, rootIntent, DEFAULT_DISPLAY); + + final Intent navIntent = new Intent(mContext, Activities.RegularActivity.class); + verifyNavigateUpTo(activitySession1, navIntent); + + navIntent.addFlags(FLAG_ACTIVITY_CLEAR_TOP); + verifyNavigateUpTo(activitySession1, navIntent); + assertFalse("#onNewIntent cannot be called", + activitySession1.getActivity().mIsOnNewIntentCalled); + } + + private void verifyNavigateUpTo(TestActivitySession rootActivitySession, Intent navIntent) { final TestActivitySession<Activities.SingleTopActivity> activitySession2 = createManagedTestActivitySession(); activitySession2.launchTestActivityOnDisplaySync(Activities.SingleTopActivity.class, @@ -228,14 +240,14 @@ public class StartActivityTests extends ActivityManagerTestBase { }); final Bundle data = new Bundle(); - data.putParcelable(EXTRA_INTENT, intent1); + data.putParcelable(EXTRA_INTENT, navIntent); activitySession3.sendCommand(COMMAND_NAVIGATE_UP_TO, data); - waitAndAssertTopResumedActivity(intent1.getComponent(), DEFAULT_DISPLAY, - "navigateUpTo should return to the first activity"); + waitAndAssertTopResumedActivity(rootActivitySession.getActivity().getComponentName(), + DEFAULT_DISPLAY, "navigateUpTo should return to the first activity"); // Make sure the resumed first activity is the original instance. assertFalse("The target of navigateUpTo should not be destroyed", - activitySession1.getActivity().isDestroyed()); + rootActivitySession.getActivity().isDestroyed()); // The activities above the first one should be destroyed. mWmState.waitAndAssertActivityRemoved( diff --git a/tests/framework/base/windowmanager/src/android/server/wm/intent/Activities.java b/tests/framework/base/windowmanager/src/android/server/wm/intent/Activities.java index 5dc7ffe1dbd..208d94fc0bd 100644 --- a/tests/framework/base/windowmanager/src/android/server/wm/intent/Activities.java +++ b/tests/framework/base/windowmanager/src/android/server/wm/intent/Activities.java @@ -17,6 +17,7 @@ package android.server.wm.intent; import android.app.Activity; +import android.content.Intent; import android.os.Bundle; /** @@ -40,6 +41,13 @@ public class Activities { } public static class RegularActivity extends BaseActivity { + public boolean mIsOnNewIntentCalled = false; + + @Override + protected void onNewIntent(Intent intent) { + super.onNewIntent(intent); + mIsOnNewIntentCalled = true; + } } public static class SingleTopActivity extends BaseActivity { diff --git a/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java b/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java index bc6090f4bb9..b974ae837b9 100644 --- a/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java +++ b/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java @@ -20,12 +20,14 @@ import static android.app.WindowConfiguration.ACTIVITY_TYPE_HOME; import static android.app.WindowConfiguration.ACTIVITY_TYPE_RECENTS; import static android.app.WindowConfiguration.ACTIVITY_TYPE_STANDARD; import static android.app.WindowConfiguration.ACTIVITY_TYPE_UNDEFINED; +import static android.app.WindowConfiguration.WINDOWING_MODE_FREEFORM; import static android.app.WindowConfiguration.WINDOWING_MODE_FULLSCREEN; import static android.app.WindowConfiguration.WINDOWING_MODE_MULTI_WINDOW; import static android.app.WindowConfiguration.WINDOWING_MODE_UNDEFINED; import static android.view.Display.DEFAULT_DISPLAY; import android.app.ActivityManager; +import android.app.WindowConfiguration; import android.content.Context; import android.graphics.Rect; import android.hardware.display.DisplayManager; @@ -61,6 +63,7 @@ public class TestTaskOrganizer extends TaskOrganizer { private IBinder mPrimaryCookie; private IBinder mSecondaryCookie; private final HashMap<Integer, ActivityManager.RunningTaskInfo> mKnownTasks = new HashMap<>(); + private final HashMap<Integer, SurfaceControl> mTaskLeashes = new HashMap<>(); private final ArraySet<Integer> mPrimaryChildrenTaskIds = new ArraySet<>(); private final ArraySet<Integer> mSecondaryChildrenTaskIds = new ArraySet<>(); private final Rect mPrimaryBounds = new Rect(); @@ -356,7 +359,11 @@ public class TestTaskOrganizer extends TaskOrganizer { @Override public void onTaskInfoChanged(ActivityManager.RunningTaskInfo taskInfo) { synchronized (this) { - notifyOnEnd(() -> addTask(taskInfo)); + notifyOnEnd(() -> { + SurfaceControl.Transaction t = new SurfaceControl.Transaction(); + addTask(taskInfo, null /* leash */, t); + t.apply(); + }); } } @@ -367,14 +374,26 @@ public class TestTaskOrganizer extends TaskOrganizer { private void addTask(ActivityManager.RunningTaskInfo taskInfo, SurfaceControl leash, SurfaceControl.Transaction t) { mKnownTasks.put(taskInfo.taskId, taskInfo); - if (taskInfo.hasParentTask()){ + if (leash != null) { + mTaskLeashes.put(taskInfo.taskId, leash); + } else { + leash = mTaskLeashes.get(taskInfo.taskId); + } + if (taskInfo.hasParentTask()) { + Rect sourceCrop = null; if (mRootPrimary != null && mRootPrimary.taskId == taskInfo.getParentTaskId()) { + sourceCrop = new Rect(mPrimaryBounds); mPrimaryChildrenTaskIds.add(taskInfo.taskId); } else if (mRootSecondary != null && mRootSecondary.taskId == taskInfo.getParentTaskId()) { + sourceCrop = new Rect(mSecondaryBounds); mSecondaryChildrenTaskIds.add(taskInfo.taskId); } + if (t != null && leash != null && sourceCrop != null) { + sourceCrop.offsetTo(0, 0); + t.setGeometry(leash, sourceCrop, sourceCrop, Surface.ROTATION_0); + } return; } @@ -383,7 +402,9 @@ public class TestTaskOrganizer extends TaskOrganizer { && taskInfo.containsLaunchCookie(mPrimaryCookie)) { mRootPrimary = taskInfo; if (t != null && leash != null) { - t.setGeometry(leash, null, mPrimaryBounds, Surface.ROTATION_0); + Rect sourceCrop = new Rect(mPrimaryBounds); + sourceCrop.offsetTo(0, 0); + t.setGeometry(leash, sourceCrop, mPrimaryBounds, Surface.ROTATION_0); } return; } @@ -393,9 +414,24 @@ public class TestTaskOrganizer extends TaskOrganizer { && taskInfo.containsLaunchCookie(mSecondaryCookie)) { mRootSecondary = taskInfo; if (t != null && leash != null) { - t.setGeometry(leash, null, mSecondaryBounds, Surface.ROTATION_0); + Rect sourceCrop = new Rect(mSecondaryBounds); + sourceCrop.offsetTo(0, 0); + t.setGeometry(leash, sourceCrop, mSecondaryBounds, Surface.ROTATION_0); } + return; + } + + if (t == null || leash == null) { + return; + } + WindowConfiguration config = taskInfo.getConfiguration().windowConfiguration; + Rect bounds = config.getBounds(); + Rect sourceCrop = null; + if (config.getWindowingMode() != WINDOWING_MODE_FULLSCREEN) { + sourceCrop = new Rect(bounds); + sourceCrop.offsetTo(0, 0); } + t.setGeometry(leash, sourceCrop, bounds, Surface.ROTATION_0); } private void removeTask(ActivityManager.RunningTaskInfo taskInfo) { @@ -404,6 +440,7 @@ public class TestTaskOrganizer extends TaskOrganizer { if (mKnownTasks.remove(taskId) == null) { return; } + mTaskLeashes.remove(taskId); mPrimaryChildrenTaskIds.remove(taskId); mSecondaryChildrenTaskIds.remove(taskId); diff --git a/tests/framework/base/windowmanager/util/src/android/server/wm/TouchHelper.java b/tests/framework/base/windowmanager/util/src/android/server/wm/TouchHelper.java index 98183d43e77..327730a33e7 100644 --- a/tests/framework/base/windowmanager/util/src/android/server/wm/TouchHelper.java +++ b/tests/framework/base/windowmanager/util/src/android/server/wm/TouchHelper.java @@ -101,9 +101,13 @@ public class TouchHelper { } public void tapOnCenter(Rect bounds, int displayId) { + tapOnCenter(bounds, displayId, true /* waitAnimation */); + } + + public void tapOnCenter(Rect bounds, int displayId, boolean waitAnimation) { final int tapX = bounds.left + bounds.width() / 2; final int tapY = bounds.top + bounds.height() / 2; - tapOnDisplaySync(tapX, tapY, displayId); + tapOnDisplay(tapX, tapY, displayId, true /* sync */, waitAnimation); } public void tapOnViewCenter(View view) { diff --git a/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java b/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java index 458d7857461..e5621dd332e 100644 --- a/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java +++ b/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java @@ -228,11 +228,15 @@ public class WindowManagerStateHelper extends WindowManagerState { waitForWithAmState(state -> !state.isDisplayFrozen(), "Display unfrozen"); } - public void waitForActivityState(ComponentName activityName, String activityState) { - waitForWithAmState(state -> state.hasActivityState(activityName, activityState), + public boolean waitForActivityState(ComponentName activityName, String activityState) { + return waitForWithAmState(state -> state.hasActivityState(activityName, activityState), "state of " + getActivityName(activityName) + " to be " + activityState); } + public void waitAndAssertActivityState(ComponentName activityName, String activityState) { + assertTrue(waitForActivityState(activityName, activityState)); + } + public void waitForActivityRemoved(ComponentName activityName) { waitFor((amState) -> !amState.containsActivity(activityName) && !amState.containsWindow(getWindowName(activityName)), diff --git a/tests/inputmethod/src/android/view/inputmethod/cts/InputMethodManagerTest.java b/tests/inputmethod/src/android/view/inputmethod/cts/InputMethodManagerTest.java index 5eaa32ed205..0036da31a6c 100644 --- a/tests/inputmethod/src/android/view/inputmethod/cts/InputMethodManagerTest.java +++ b/tests/inputmethod/src/android/view/inputmethod/cts/InputMethodManagerTest.java @@ -18,12 +18,14 @@ package android.view.inputmethod.cts; import static android.content.Intent.ACTION_CLOSE_SYSTEM_DIALOGS; import static android.content.Intent.FLAG_RECEIVER_FOREGROUND; +import static android.view.inputmethod.cts.util.InputMethodVisibilityVerifier.expectImeVisible; import static android.view.inputmethod.cts.util.TestUtils.waitOnMainUntil; import static com.android.compatibility.common.util.SystemUtil.runShellCommand; import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; @@ -42,6 +44,7 @@ import android.view.inputmethod.InputConnection; import android.view.inputmethod.InputMethodInfo; import android.view.inputmethod.InputMethodManager; import android.view.inputmethod.InputMethodSubtype; +import android.view.inputmethod.cts.util.MockTestActivityUtil; import android.view.inputmethod.cts.util.TestActivity; import android.widget.EditText; import android.widget.LinearLayout; @@ -55,7 +58,11 @@ import androidx.test.uiautomator.By; import androidx.test.uiautomator.UiDevice; import androidx.test.uiautomator.Until; +import com.android.cts.mockime.ImeSettings; +import com.android.cts.mockime.MockImeSession; + import org.junit.After; +import org.junit.AssumptionViolatedException; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -171,6 +178,32 @@ public class InputMethodManagerTest { assertThat(enabledImeIds).contains(HIDDEN_FROM_PICKER_IME_ID); } + @Test + public void getInputMethodWindowVisibleHeight_returnsZeroIfNotFocused() throws Exception { + InputMethodManager imm = mContext.getSystemService(InputMethodManager.class); + try (MockImeSession session = MockImeSession.create(mContext, + mInstrumentation.getUiAutomation(), new ImeSettings.Builder())) { + try (AutoCloseable closeable = MockTestActivityUtil.launchSync( + mContext.getPackageManager().isInstantApp(), TIMEOUT)) { + session.callRequestShowSelf(0); + expectImeVisible(TIMEOUT); + assertEquals("Only IME target UID may observe the visible height of the IME", 0, + reflectivelyGetInputMethodWindowVisibleHeight(imm)); + } + } + } + + private int reflectivelyGetInputMethodWindowVisibleHeight(InputMethodManager imm) + throws Exception { + try { + return (int) InputMethodManager.class + .getMethod("getInputMethodWindowVisibleHeight") + .invoke(imm); + } catch (NoSuchMethodError e) { + throw new AssumptionViolatedException("getInputMethodWindowVisibleHeight not found"); + } + } + private static String dumpInputMethodInfoList(@NonNull List<InputMethodInfo> imiList) { return "[" + imiList.stream().map(imi -> { final StringBuilder sb = new StringBuilder(); diff --git a/tests/inputmethod/src/android/view/inputmethod/cts/util/MockTestActivityUtil.java b/tests/inputmethod/src/android/view/inputmethod/cts/util/MockTestActivityUtil.java new file mode 100644 index 00000000000..18f98f148dc --- /dev/null +++ b/tests/inputmethod/src/android/view/inputmethod/cts/util/MockTestActivityUtil.java @@ -0,0 +1,171 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.view.inputmethod.cts.util; + +import static android.content.Intent.FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS; + +import static com.android.compatibility.common.util.SystemUtil.runShellCommand; +import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity; + +import android.content.ComponentName; +import android.content.Intent; +import android.net.Uri; + +import androidx.annotation.NonNull; +import androidx.annotation.Nullable; +import androidx.test.platform.app.InstrumentationRegistry; +import androidx.test.uiautomator.By; +import androidx.test.uiautomator.BySelector; +import androidx.test.uiautomator.UiDevice; +import androidx.test.uiautomator.Until; + +import java.util.Map; + +/** + * Provides constants and utility methods to interact with + * {@link android.view.inputmethod.ctstestapp.MainActivity}. + */ +public final class MockTestActivityUtil { + private static final ComponentName TEST_ACTIVITY = new ComponentName( + "android.view.inputmethod.ctstestapp", + "android.view.inputmethod.ctstestapp.MainActivity"); + private static final Uri TEST_ACTIVITY_URI = + Uri.parse("https://example.com/android/view/inputmethod/ctstestapp"); + + private static final String ACTION_TRIGGER = "broadcast_action_trigger"; + + /** + * A key to be used as the {@code key} of {@link Map} passed as {@code extras} parameter of + * {@link #launchSync(boolean, long, Map)}. + * + * <p>A valid {@code value} is either {@code "true"} or {@code "false"}.</p> + */ + public static final String EXTRA_KEY_SHOW_DIALOG = + "android.view.inputmethod.ctstestapp.EXTRA_KEY_SHOW_DIALOG"; + + /** + * A key to be used as the {@code key} of {@link Map} passed as {@code extras} parameter of + * {@link #launchSync(boolean, long, Map)}. + * + * <p>The specified {@code value} will be set to + * {@link android.view.inputmethod.EditorInfo#privateImeOptions}.</p> + */ + public static final String EXTRA_KEY_PRIVATE_IME_OPTIONS = + "android.view.inputmethod.ctstestapp.EXTRA_KEY_PRIVATE_IME_OPTIONS"; + + /** + * Can be passed to {@link #sendBroadcastAction(String)} to dismiss the dialog box if exists. + */ + public static final String EXTRA_DISMISS_DIALOG = "extra_dismiss_dialog"; + + /** + * Can be passed to {@link #sendBroadcastAction(String)} call + * {@link android.view.inputmethod.InputMethodManager#showSoftInput(android.view.View, int)}. + */ + public static final String EXTRA_SHOW_SOFT_INPUT = "extra_show_soft_input"; + + @NonNull + private static Uri formatStringIntentParam(@NonNull Uri uri, Map<String, String> extras) { + if (extras == null) { + return uri; + } + final Uri.Builder builder = uri.buildUpon(); + extras.forEach(builder::appendQueryParameter); + return builder.build(); + } + + /** + * Launches {@link "android.view.inputmethod.ctstestapp.MainActivity"}. + * + * @param instant {@code true} when the Activity is installed as an instant app. + * @param timeout the timeout to wait until the Activity becomes ready. + * @return {@link AutoCloseable} object to automatically stop the test Activity package. + */ + public static AutoCloseable launchSync(boolean instant, long timeout) { + return launchSync(instant, timeout, null); + } + + /** + * Launches {@link "android.view.inputmethod.ctstestapp.MainActivity"}. + * + * @param instant {@code true} when the Activity is installed as an instant app. + * @param timeout the timeout to wait until the Activity becomes ready. + * @param extras extra parameters to be passed to the Activity. + * @return {@link AutoCloseable} object to automatically stop the test Activity package. + */ + public static AutoCloseable launchSync(boolean instant, long timeout, + @Nullable Map<String, String> extras) { + final StringBuilder commandBuilder = new StringBuilder(); + if (instant) { + // Override app-links domain verification. + runShellCommand( + String.format("pm set-app-links-user-selection --user cur --package %s true %s", + TEST_ACTIVITY.getPackageName(), TEST_ACTIVITY_URI.getHost())); + final Uri uri = formatStringIntentParam(TEST_ACTIVITY_URI, extras); + commandBuilder.append(String.format("am start -a %s -c %s --activity-clear-task %s", + Intent.ACTION_VIEW, Intent.CATEGORY_BROWSABLE, uri.toString())); + } else { + commandBuilder.append("am start --activity-clear-task -n ") + .append(TEST_ACTIVITY.flattenToShortString()); + if (extras != null) { + extras.forEach((key, value) -> commandBuilder.append(" --es ") + .append(key).append(" ").append(value)); + } + } + + runWithShellPermissionIdentity(() -> { + runShellCommand(commandBuilder.toString()); + }); + UiDevice uiDevice = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation()); + BySelector activitySelector = By.pkg(TEST_ACTIVITY.getPackageName()).depth(0); + uiDevice.wait(Until.hasObject(activitySelector), timeout); + + // Make sure to stop package after test finished for resource reclaim. + return () -> TestUtils.forceStopPackage(TEST_ACTIVITY.getPackageName()); + } + + /** + * Sends a broadcast to {@link "android.view.inputmethod.ctstestapp.MainActivity"}. + * + * @param extra {@link #EXTRA_DISMISS_DIALOG} or {@link #EXTRA_SHOW_SOFT_INPUT}. + */ + public static void sendBroadcastAction(String extra) { + final StringBuilder commandBuilder = new StringBuilder(); + commandBuilder.append("am broadcast -a ").append(ACTION_TRIGGER).append(" -p ").append( + TEST_ACTIVITY.getPackageName()); + commandBuilder.append(" -f 0x").append( + Integer.toHexString(FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS)); + commandBuilder.append(" --ez " + extra + " true"); + runWithShellPermissionIdentity(() -> { + runShellCommand(commandBuilder.toString()); + }); + } + + /** + * Force-stops {@link "android.view.inputmethod.ctstestapp"} package. + */ + public static void forceStopPackage() { + TestUtils.forceStopPackage(TEST_ACTIVITY.getPackageName()); + } + + /** + * @return {@code "android.view.inputmethod.ctstestapp"}. + */ + public static String getPackageName() { + return TEST_ACTIVITY.getPackageName(); + } +} diff --git a/tests/location/location_fine/src/android/location/cts/fine/LocationManagerFineTest.java b/tests/location/location_fine/src/android/location/cts/fine/LocationManagerFineTest.java index d4d8d6c0d9d..7d97a70ff0a 100644 --- a/tests/location/location_fine/src/android/location/cts/fine/LocationManagerFineTest.java +++ b/tests/location/location_fine/src/android/location/cts/fine/LocationManagerFineTest.java @@ -827,6 +827,7 @@ public class LocationManagerFineTest { } @Test + @AppModeFull(reason = "Instant apps can't hold INTERACT_ACROSS_USERS permission") public void testAddProviderRequestListener() throws Exception { InstrumentationRegistry.getInstrumentation().getUiAutomation() .adoptShellPermissionIdentity(Manifest.permission.LOCATION_HARDWARE); diff --git a/tests/tests/media/Android.bp b/tests/tests/media/Android.bp index 61a25966220..fccba68938b 100644 --- a/tests/tests/media/Android.bp +++ b/tests/tests/media/Android.bp @@ -96,6 +96,7 @@ android_test { "cts", "general-tests", "mts-media", + "sts", ], host_required: ["cts-dynamic-config"], min_sdk_version: "29", diff --git a/tests/tests/media/src/android/media/cts/MediaSessionTest.java b/tests/tests/media/src/android/media/cts/MediaSessionTest.java index 016c9ba01c1..3e54306c062 100644 --- a/tests/tests/media/src/android/media/cts/MediaSessionTest.java +++ b/tests/tests/media/src/android/media/cts/MediaSessionTest.java @@ -29,6 +29,7 @@ import static android.media.cts.Utils.compareRemoteUserInfo; import android.app.PendingIntent; import android.content.ComponentName; import android.content.Context; +import android.content.ContextWrapper; import android.content.Intent; import android.media.AudioAttributes; import android.media.AudioManager; @@ -49,6 +50,7 @@ import android.os.Looper; import android.os.Parcel; import android.os.Process; import android.platform.test.annotations.AppModeFull; +import android.platform.test.annotations.AsbSecurityTest; import android.test.AndroidTestCase; import android.text.TextUtils; import android.view.KeyEvent; @@ -78,6 +80,11 @@ public class MediaSessionTest extends AndroidTestCase { private static final long TEST_ACTION = 55L; private static final int TEST_TOO_MANY_SESSION_COUNT = 1000; + private static final String TEST_SESSION_TAG_FOREIGN_PACKAGE = + "test-session-tag-foreign-package"; + private static final String TEST_FOREIGN_PACKAGE_NAME = "fakepackage"; + private static final String TEST_FOREIGN_PACKAGE_CLASS = "com.fakepackage.media.FakeReceiver"; + private AudioManager mAudioManager; private Handler mHandler = new Handler(Looper.getMainLooper()); private Object mWaitLock = new Object(); @@ -305,6 +312,46 @@ public class MediaSessionTest extends AndroidTestCase { } } + @AsbSecurityTest(cveBugId = 238177121) + public void testSetMediaButtonBroadcastReceiver_withForeignPackageName_fails() + throws Exception { + Utils.assertMediaPlaybackStarted(getContext()); + + // Create Media Session + MyContextWrapper contextWrapper = new MyContextWrapper(getContext()); + MediaSession mediaSession = + new MediaSession(contextWrapper, TEST_SESSION_TAG_FOREIGN_PACKAGE); + + // Bypass client-side check + contextWrapper.mOverridePackageName = TEST_FOREIGN_PACKAGE_NAME; + + try { + mediaSession.setMediaButtonBroadcastReceiver( + new ComponentName(TEST_FOREIGN_PACKAGE_NAME, TEST_FOREIGN_PACKAGE_CLASS)); + fail("Component name with different package name was registered."); + } catch (IllegalArgumentException ex) { + // Expected. + } finally { + mediaSession.release(); + } + } + + static class MyContextWrapper extends ContextWrapper { + String mOverridePackageName; + + MyContextWrapper(Context base) { + super(base); + } + + @Override + public String getPackageName() { + if (mOverridePackageName != null) { + return mOverridePackageName; + } + return super.getPackageName(); + } + } + /** * Test whether media button receiver can be a explicit broadcast receiver via * MediaSession.setMediaButtonReceiver(PendingIntent). diff --git a/tests/tests/security/Android.bp b/tests/tests/security/Android.bp index cf064c6e1c4..c95a885289d 100644 --- a/tests/tests/security/Android.bp +++ b/tests/tests/security/Android.bp @@ -77,6 +77,9 @@ android_test { data: [ ":RolePermissionOverrideTestApp", ":SplitBluetoothPermissionTestApp", + ":CtsUsePermissionApp22_2", + ":CtsHelperAppOverlay", + ":CtsDummyTargetApi15TestApp", ], } diff --git a/tests/tests/security/AndroidManifest.xml b/tests/tests/security/AndroidManifest.xml index 186c5e2ab7b..e3950ad70b1 100644 --- a/tests/tests/security/AndroidManifest.xml +++ b/tests/tests/security/AndroidManifest.xml @@ -201,6 +201,21 @@ </intent-filter> </activity> + <provider android:name="android.security.cts.CVE_2022_20358.PocContentProvider" + android:authorities="android.security.cts.CVE_2022_20358.provider" + android:enabled="true" + android:exported="true" /> + + <service android:name="android.security.cts.CVE_2022_20358.PocSyncService" + android:enabled="true" + android:exported="true"> + <intent-filter> + <action android:name="android.content.SyncAdapter" /> + </intent-filter> + <meta-data android:name="android.content.SyncAdapter" + android:resource="@xml/syncadapter" /> + </service> + </application> <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner" diff --git a/tests/tests/security/AndroidTest.xml b/tests/tests/security/AndroidTest.xml index 9bd5eb7e0a8..751748e5bcd 100644 --- a/tests/tests/security/AndroidTest.xml +++ b/tests/tests/security/AndroidTest.xml @@ -48,10 +48,14 @@ <option name="run-command" value="mkdir -p /data/local/tmp/cts/security" /> <option name="teardown-command" value="rm -rf /data/local/tmp/cts"/> </target_preparer> + <target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher"> <option name="cleanup" value="true" /> <option name="push" value="RolePermissionOverrideTestApp.apk->/data/local/tmp/cts/security/RolePermissionOverrideTestApp.apk" /> <option name="push" value="SplitBluetoothPermissionTestApp.apk->/data/local/tmp/cts/security/SplitBluetoothPermissionTestApp.apk" /> + <option name="push" value="CtsDummyTargetApi15TestApp.apk->/data/local/tmp/cts/security/CtsDummyTargetApi15TestApp.apk" /> + <option name="push" value="CtsUsePermissionApp22_2.apk->/data/local/tmp/cts/permission3/CtsUsePermissionApp22_2.apk" /> + <option name="push" value="CtsHelperAppOverlay.apk->/data/local/tmp/cts/permission3/CtsHelperAppOverlay.apk" /> </target_preparer> <test class="com.android.tradefed.testtype.AndroidJUnitTest" > diff --git a/tests/tests/security/aidl/android/security/cts/IBitmapService.aidl b/tests/tests/security/aidl/android/security/cts/IBitmapService.aidl index b9694c32af7..24e55c5cc79 100644 --- a/tests/tests/security/aidl/android/security/cts/IBitmapService.aidl +++ b/tests/tests/security/aidl/android/security/cts/IBitmapService.aidl @@ -22,4 +22,5 @@ interface IBitmapService { int getAllocationSize(in BitmapWrapper bitmap); boolean didReceiveBitmap(in BitmapWrapper bitmap); boolean ping(); + void exit(); } diff --git a/tests/tests/security/res/raw/cve_2022_22083.ape b/tests/tests/security/res/raw/cve_2022_22083.ape Binary files differnew file mode 100644 index 00000000000..05d6d730cfa --- /dev/null +++ b/tests/tests/security/res/raw/cve_2022_22083.ape diff --git a/tests/tests/security/res/raw/cve_2022_22084.qcp b/tests/tests/security/res/raw/cve_2022_22084.qcp Binary files differnew file mode 100644 index 00000000000..c41d21ec9ff --- /dev/null +++ b/tests/tests/security/res/raw/cve_2022_22084.qcp diff --git a/tests/tests/security/res/raw/cve_2022_22085.dts b/tests/tests/security/res/raw/cve_2022_22085.dts Binary files differnew file mode 100644 index 00000000000..3a886317ae8 --- /dev/null +++ b/tests/tests/security/res/raw/cve_2022_22085.dts diff --git a/tests/tests/security/res/raw/cve_2022_22086.3gp b/tests/tests/security/res/raw/cve_2022_22086.3gp Binary files differnew file mode 100644 index 00000000000..715d10c1a2b --- /dev/null +++ b/tests/tests/security/res/raw/cve_2022_22086.3gp diff --git a/tests/tests/security/res/raw/cve_2022_22087.mkv b/tests/tests/security/res/raw/cve_2022_22087.mkv Binary files differnew file mode 100644 index 00000000000..0b25fe47095 --- /dev/null +++ b/tests/tests/security/res/raw/cve_2022_22087.mkv diff --git a/tests/tests/security/res/raw/cve_2022_25657.mkv b/tests/tests/security/res/raw/cve_2022_25657.mkv Binary files differnew file mode 100644 index 00000000000..3d5f70ed561 --- /dev/null +++ b/tests/tests/security/res/raw/cve_2022_25657.mkv diff --git a/tests/tests/security/res/raw/cve_2022_25659.mkv b/tests/tests/security/res/raw/cve_2022_25659.mkv Binary files differnew file mode 100644 index 00000000000..9eda647727b --- /dev/null +++ b/tests/tests/security/res/raw/cve_2022_25659.mkv diff --git a/tests/tests/security/res/xml/syncadapter.xml b/tests/tests/security/res/xml/syncadapter.xml new file mode 100644 index 00000000000..478fad5327f --- /dev/null +++ b/tests/tests/security/res/xml/syncadapter.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<sync-adapter xmlns:android="http://schemas.android.com/apk/res/android" + android:accountType="CVE_2022_20358_acc" + android:isAlwaysSyncable="true" /> diff --git a/tests/tests/security/src/android/security/cts/BitmapService.java b/tests/tests/security/src/android/security/cts/BitmapService.java index c532e05e906..ec39ab0640b 100644 --- a/tests/tests/security/src/android/security/cts/BitmapService.java +++ b/tests/tests/security/src/android/security/cts/BitmapService.java @@ -40,6 +40,11 @@ public class BitmapService extends Service { public boolean ping() { return true; } + + @Override + public void exit() { + System.exit(0); + } }; @Nullable diff --git a/tests/tests/security/src/android/security/cts/BitmapTest.java b/tests/tests/security/src/android/security/cts/BitmapTest.java index 5ce81fd9d95..05273661eed 100644 --- a/tests/tests/security/src/android/security/cts/BitmapTest.java +++ b/tests/tests/security/src/android/security/cts/BitmapTest.java @@ -25,11 +25,12 @@ import android.graphics.Bitmap; import android.os.BadParcelableException; import android.os.IBinder; import android.platform.test.annotations.AsbSecurityTest; -import com.android.sts.common.util.StsExtraBusinessLogicTestCase; import androidx.test.platform.app.InstrumentationRegistry; import androidx.test.runner.AndroidJUnit4; +import com.android.sts.common.util.StsExtraBusinessLogicTestCase; + import com.google.common.util.concurrent.AbstractFuture; import org.junit.After; @@ -48,6 +49,7 @@ public class BitmapTest extends StsExtraBusinessLogicTestCase { private Instrumentation mInstrumentation; private PeerConnection mRemoteConnection; private IBitmapService mRemote; + private Intent mIntent; public static class PeerConnection extends AbstractFuture<IBitmapService> implements ServiceConnection { @@ -80,6 +82,9 @@ public class BitmapTest extends StsExtraBusinessLogicTestCase { if (mRemoteConnection != null) { final Context context = mInstrumentation.getContext(); context.unbindService(mRemoteConnection); + try { + mRemote.exit(); + } catch (Exception ex) { } mRemote = null; mRemoteConnection = null; } @@ -88,12 +93,11 @@ public class BitmapTest extends StsExtraBusinessLogicTestCase { IBitmapService getRemoteService() throws ExecutionException, InterruptedException { if (mRemote == null) { final Context context = mInstrumentation.getContext(); - Intent intent = new Intent(); - intent.setComponent(new ComponentName( + mIntent = new Intent(); + mIntent.setComponent(new ComponentName( "android.security.cts", "android.security.cts.BitmapService")); mRemoteConnection = new PeerConnection(); - context.bindService(intent, mRemoteConnection, - Context.BIND_AUTO_CREATE | Context.BIND_IMPORTANT); + context.bindService(mIntent, mRemoteConnection, Context.BIND_AUTO_CREATE); mRemote = mRemoteConnection.get(); } return mRemote; diff --git a/tests/tests/security/src/android/security/cts/CVE_2019_9376.java b/tests/tests/security/src/android/security/cts/CVE_2019_9376.java index b5896f179de..5c0f342fa68 100644 --- a/tests/tests/security/src/android/security/cts/CVE_2019_9376.java +++ b/tests/tests/security/src/android/security/cts/CVE_2019_9376.java @@ -25,12 +25,13 @@ import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; import android.os.Parcel; import androidx.test.runner.AndroidJUnit4; +import com.android.sts.common.util.StsExtraBusinessLogicTestCase; import org.junit.Test; import org.junit.runner.RunWith; @RunWith(AndroidJUnit4.class) -public class CVE_2019_9376 { +public class CVE_2019_9376 extends StsExtraBusinessLogicTestCase { @AppModeFull @AsbSecurityTest(cveBugId = 129287265) diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20135.java b/tests/tests/security/src/android/security/cts/CVE_2022_20135.java new file mode 100644 index 00000000000..2789ff85d10 --- /dev/null +++ b/tests/tests/security/src/android/security/cts/CVE_2022_20135.java @@ -0,0 +1,67 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeNotNull; + +import android.os.Bundle; +import android.os.Parcel; +import android.os.Parcelable; +import android.platform.test.annotations.AppModeFull; +import android.platform.test.annotations.AsbSecurityTest; + +import androidx.test.runner.AndroidJUnit4; + +import com.android.sts.common.util.StsExtraBusinessLogicTestCase; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.lang.reflect.Field; + +@AppModeFull +@RunWith(AndroidJUnit4.class) +public class CVE_2022_20135 extends StsExtraBusinessLogicTestCase { + + @Test + @AsbSecurityTest(cveBugId = 220303465) + public void testPocCVE_2022_20135() { + Bundle bundle = new Bundle(); + try { + Class clazz = Class.forName("android.service.gatekeeper.GateKeeperResponse"); + assumeNotNull(clazz); + Object obj = clazz.getMethod("createGenericResponse", int.class).invoke(null, 0); + assumeNotNull(obj); + Field field = clazz.getDeclaredField("mPayload"); + assumeNotNull(field); + field.setAccessible(true); + field.set(obj, new byte[0]); + bundle.putParcelable("1", (Parcelable) obj); + bundle.putByteArray("2", new byte[1000]); + } catch (Exception ex) { + assumeNoException(ex); + } + Parcel parcel = Parcel.obtain(); + assumeNotNull(parcel); + parcel.writeBundle(bundle); + parcel.setDataPosition(0); + Bundle newBundle = new Bundle(); + newBundle.readFromParcel(parcel); + newBundle.keySet(); + } +} diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20358/CVE_2022_20358.java b/tests/tests/security/src/android/security/cts/CVE_2022_20358/CVE_2022_20358.java new file mode 100644 index 00000000000..b1ff1688ced --- /dev/null +++ b/tests/tests/security/src/android/security/cts/CVE_2022_20358/CVE_2022_20358.java @@ -0,0 +1,120 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20358; + +import static org.junit.Assert.fail; +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeTrue; + +import android.accounts.Account; +import android.app.Instrumentation; +import android.content.ComponentName; +import android.content.Context; +import android.content.ISyncAdapter; +import android.content.Intent; +import android.content.ServiceConnection; +import android.os.Bundle; +import android.os.IBinder; +import android.os.RemoteCallback; +import android.platform.test.annotations.AsbSecurityTest; + +import androidx.test.InstrumentationRegistry; +import androidx.test.runner.AndroidJUnit4; + +import com.android.sts.common.util.StsExtraBusinessLogicTestCase; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.Semaphore; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; + +@RunWith(AndroidJUnit4.class) +public class CVE_2022_20358 extends StsExtraBusinessLogicTestCase implements ServiceConnection { + static final int TIMEOUT_SEC = 10; + Semaphore mWaitResultServiceConn; + boolean mIsAssumeFail = false; + String mAssumeFailMsg = ""; + + @AsbSecurityTest(cveBugId = 203229608) + @Test + public void testPocCVE_2022_20358() { + try { + // Bind to the PocSyncService + Instrumentation instrumentation = InstrumentationRegistry.getInstrumentation(); + Context context = instrumentation.getContext(); + Intent intent = new Intent(context, PocSyncService.class); + intent.setAction("android.content.SyncAdapter"); + CompletableFuture<String> callbackReturn = new CompletableFuture<>(); + RemoteCallback cb = new RemoteCallback((Bundle result) -> { + callbackReturn.complete(result.getString("fail")); + }); + intent.putExtra("callback", cb); + context.bindService(intent, this, Context.BIND_AUTO_CREATE); + + // Wait for some result from the PocSyncService + mWaitResultServiceConn = new Semaphore(0); + assumeTrue(mWaitResultServiceConn.tryAcquire(TIMEOUT_SEC, TimeUnit.SECONDS)); + assumeTrue(mAssumeFailMsg, !mIsAssumeFail); + + // Wait for a result to be set from onPerformSync() of PocSyncAdapter + callbackReturn.get(TIMEOUT_SEC, TimeUnit.SECONDS); + + // In presence of vulnerability, the above call succeeds and TimeoutException is not + // triggered so failing the test + fail("Vulnerable to b/203229608!!"); + } catch (Exception e) { + if (e instanceof TimeoutException) { + // The fix is present so returning from here + return; + } + assumeNoException(e); + } + } + + @Override + public void onServiceConnected(ComponentName name, IBinder service) { + try { + if (mWaitResultServiceConn == null) { + mWaitResultServiceConn = new Semaphore(0); + } + ISyncAdapter adapter = ISyncAdapter.Stub.asInterface(service); + Account account = new Account("CVE_2022_20358_user", "CVE_2022_20358_acc"); + adapter.startSync(null, "android.security.cts.CVE_2022_20358.provider", account, null); + mWaitResultServiceConn.release(); + } catch (Exception e) { + try { + mWaitResultServiceConn.release(); + mAssumeFailMsg = e.getMessage(); + mIsAssumeFail = true; + } catch (Exception ex) { + // ignore all exceptions + } + } + } + + @Override + public void onServiceDisconnected(ComponentName name) { + try { + mWaitResultServiceConn.release(); + } catch (Exception e) { + // ignore all exceptions + } + } +} diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocContentProvider.java b/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocContentProvider.java new file mode 100644 index 00000000000..0bc8c2c5fed --- /dev/null +++ b/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocContentProvider.java @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20358; + +import android.content.ContentProvider; +import android.content.ContentValues; +import android.database.Cursor; +import android.net.Uri; + +public class PocContentProvider extends ContentProvider { + + @Override + public int delete(Uri uri, String selection, String[] selectionArgs) { + return 0; + } + + @Override + public String getType(Uri uri) { + return null; + } + + @Override + public Uri insert(Uri uri, ContentValues values) { + return null; + } + + @Override + public boolean onCreate() { + return true; + } + + @Override + public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, + String sortOrder) { + return null; + } + + @Override + public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) { + return 0; + } +} diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocSyncService.java b/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocSyncService.java new file mode 100644 index 00000000000..08fbf92d8e5 --- /dev/null +++ b/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocSyncService.java @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20358; + +import android.accounts.Account; +import android.app.Service; +import android.content.AbstractThreadedSyncAdapter; +import android.content.ContentProviderClient; +import android.content.Context; +import android.content.Intent; +import android.content.SyncResult; +import android.os.Bundle; +import android.os.IBinder; +import android.os.RemoteCallback; + +public class PocSyncService extends Service { + private static PocSyncAdapter sSyncAdapter = null; + private static final Object sSyncAdapterLock = new Object(); + RemoteCallback mCb; + + @Override + public void onCreate() { + try { + synchronized (sSyncAdapterLock) { + if (sSyncAdapter == null) { + sSyncAdapter = new PocSyncAdapter(this); + } + } + } catch (Exception e) { + // ignore all exceptions + } + } + + @Override + public IBinder onBind(Intent intent) { + try { + mCb = (RemoteCallback) intent.getExtra("callback"); + } catch (Exception e) { + // ignore all exceptions + } + return sSyncAdapter.getSyncAdapterBinder(); + } + + public class PocSyncAdapter extends AbstractThreadedSyncAdapter { + + public PocSyncAdapter(Context context) { + super(context, false); + } + + @Override + public void onPerformSync(Account account, Bundle extras, String authority, + ContentProviderClient provider, SyncResult syncResult) { + try { + if (account.type.equals("CVE_2022_20358_acc") + && account.name.equals("CVE_2022_20358_user")) { + Bundle res = new Bundle(); + res.putString("fail", ""); + mCb.sendResult(res); + } + } catch (Exception e) { + // ignore all exceptions + } + } + } +} diff --git a/tests/tests/security/src/android/security/cts/LocationDisabledAppOpsTest.java b/tests/tests/security/src/android/security/cts/LocationDisabledAppOpsTest.java new file mode 100644 index 00000000000..c6b7e35b4ef --- /dev/null +++ b/tests/tests/security/src/android/security/cts/LocationDisabledAppOpsTest.java @@ -0,0 +1,132 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static android.app.AppOpsManager.MODE_ALLOWED; +import static android.app.AppOpsManager.OPSTR_FINE_LOCATION; + +import static com.android.compatibility.common.util.SystemUtil.eventually; +import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity; + +import android.app.ActivityManager; +import android.app.AppOpsManager; +import android.content.Context; +import android.content.pm.ApplicationInfo; +import android.content.pm.PackageInfo; +import android.location.LocationManager; +import android.os.PackageTagsList; +import android.os.Process; +import android.os.UserHandle; +import android.platform.test.annotations.AsbSecurityTest; + +import androidx.test.InstrumentationRegistry; +import androidx.test.runner.AndroidJUnit4; + +import com.android.sts.common.util.StsExtraBusinessLogicTestCase; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.ArrayList; +import java.util.List; + +@RunWith(AndroidJUnit4.class) +public class LocationDisabledAppOpsTest extends StsExtraBusinessLogicTestCase { + + private final Context mContext = InstrumentationRegistry.getContext(); + private LocationManager mLm; + private AppOpsManager mAom; + + @Before + public void setUp() { + mLm = mContext.getSystemService(LocationManager.class); + mAom = mContext.getSystemService(AppOpsManager.class); + } + + @Test + @AsbSecurityTest(cveBugId = 231496105) + public void testLocationAppOpIsIgnoredForAppsWhenLocationIsDisabled() { + PackageTagsList ignoreList = mLm.getIgnoreSettingsAllowlist(); + + UserHandle[] userArr = {UserHandle.SYSTEM}; + runWithShellPermissionIdentity(() -> { + userArr[0] = UserHandle.of(ActivityManager.getCurrentUser()); + }); + + UserHandle user = userArr[0]; + + boolean wasEnabled = mLm.isLocationEnabledForUser(user); + + try { + runWithShellPermissionIdentity(() -> { + mLm.setLocationEnabledForUser(false, user); + }); + List<PackageInfo> pkgs = + mContext.getPackageManager().getInstalledPackagesAsUser( + 0, user.getIdentifier()); + + eventually(() -> { + List<String> bypassedNoteOps = new ArrayList<>(); + List<String> bypassedCheckOps = new ArrayList<>(); + for (PackageInfo pi : pkgs) { + ApplicationInfo ai = pi.applicationInfo; + if (ai.uid != Process.SYSTEM_UID) { + final int[] mode = {MODE_ALLOWED}; + runWithShellPermissionIdentity(() -> { + mode[0] = mAom.noteOpNoThrow( + OPSTR_FINE_LOCATION, ai.uid, ai.packageName); + }); + if (mode[0] == MODE_ALLOWED && !ignoreList.containsAll(pi.packageName)) { + bypassedNoteOps.add(pi.packageName); + } + + + mode[0] = MODE_ALLOWED; + runWithShellPermissionIdentity(() -> { + mode[0] = mAom + .checkOpNoThrow(OPSTR_FINE_LOCATION, ai.uid, ai.packageName); + }); + if (mode[0] == MODE_ALLOWED && !ignoreList.includes(pi.packageName)) { + bypassedCheckOps.add(pi.packageName); + } + + } + } + + String msg = ""; + if (!bypassedNoteOps.isEmpty()) { + msg += "Apps which still have access from noteOp " + bypassedNoteOps; + } + if (!bypassedCheckOps.isEmpty()) { + msg += (msg.isEmpty() ? "" : "\n\n") + + "Apps which still have access from checkOp " + bypassedCheckOps; + } + if (!msg.isEmpty()) { + Assert.fail(msg); + } + }); + } finally { + runWithShellPermissionIdentity(() -> { + mLm.setLocationEnabledForUser(wasEnabled, user); + }); + } + } + +} + diff --git a/tests/tests/security/src/android/security/cts/PackageInstallerTest.java b/tests/tests/security/src/android/security/cts/PackageInstallerTest.java index 887538ba2c8..ddea21385d8 100644 --- a/tests/tests/security/src/android/security/cts/PackageInstallerTest.java +++ b/tests/tests/security/src/android/security/cts/PackageInstallerTest.java @@ -21,23 +21,24 @@ import android.platform.test.annotations.AppModeFull; import android.platform.test.annotations.AsbSecurityTest; import androidx.test.platform.app.InstrumentationRegistry; +import androidx.test.runner.AndroidJUnit4; import com.android.cts.install.lib.Install; import com.android.cts.install.lib.TestApp; import com.android.cts.install.lib.Uninstall; +import com.android.sts.common.util.StsExtraBusinessLogicTestCase; import org.junit.After; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; import java.util.concurrent.TimeUnit; -@RunWith(JUnit4.class) +@RunWith(AndroidJUnit4.class) @AppModeFull -public class PackageInstallerTest { +public class PackageInstallerTest extends StsExtraBusinessLogicTestCase { private static final String TEST_APP_NAME = "android.security.cts.packageinstallertestapp"; diff --git a/tests/tests/security/src/android/security/cts/PackageManagerTest.java b/tests/tests/security/src/android/security/cts/PackageManagerTest.java new file mode 100644 index 00000000000..8c27a70a391 --- /dev/null +++ b/tests/tests/security/src/android/security/cts/PackageManagerTest.java @@ -0,0 +1,99 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED; + +import static com.android.compatibility.common.util.ShellUtils.runShellCommand; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.not; +import static org.hamcrest.core.Is.is; + +import android.Manifest; +import android.content.ComponentName; +import android.content.pm.PackageManager; +import android.platform.test.annotations.AppModeFull; +import android.platform.test.annotations.AsbSecurityTest; + +import androidx.test.platform.app.InstrumentationRegistry; +import androidx.test.runner.AndroidJUnit4; + +import com.android.sts.common.util.StsExtraBusinessLogicTestCase; + +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.io.File; + +@AppModeFull +@RunWith(AndroidJUnit4.class) +public class PackageManagerTest extends StsExtraBusinessLogicTestCase { + private static final String DUMMY_API15_APK_PATH = + "/data/local/tmp/cts/security/CtsDummyTargetApi15TestApp.apk"; + private static final String DUMMY_API15_PACKAGE_NAME = + "android.security.cts.dummy.api15"; + private static final ComponentName INVALID_COMPONENT_NAME = + ComponentName.createRelative(DUMMY_API15_PACKAGE_NAME, ".InvalidClassName"); + + private PackageManager mPackageManager; + + @Before + public void setUp() { + mPackageManager = InstrumentationRegistry.getInstrumentation() + .getTargetContext().getPackageManager(); + + installPackage(DUMMY_API15_APK_PATH); + InstrumentationRegistry + .getInstrumentation() + .getUiAutomation() + .adoptShellPermissionIdentity(Manifest.permission.CHANGE_COMPONENT_ENABLED_STATE); + } + + @After + public void tearDown() { + InstrumentationRegistry.getInstrumentation().getUiAutomation() + .dropShellPermissionIdentity(); + uninstallPackage(DUMMY_API15_PACKAGE_NAME); + } + + @AsbSecurityTest(cveBugId = 240936919) + @Test + public void setComponentEnabledSetting_targetPkgIsApi15_withInvalidComponentName() { + mPackageManager.setComponentEnabledSetting( + INVALID_COMPONENT_NAME, COMPONENT_ENABLED_STATE_ENABLED, 0 /* flags */); + assertThat(mPackageManager.getComponentEnabledSetting(INVALID_COMPONENT_NAME), + not(is(COMPONENT_ENABLED_STATE_ENABLED))); + } + + private static void installPackage(String apkPath) { + assertThat(new File(apkPath).exists(), is(true)); + final StringBuilder cmd = new StringBuilder("pm install "); + cmd.append(apkPath); + final String result = runShellCommand(cmd.toString()).trim(); + assertThat(result, containsString("Success")); + } + + private static void uninstallPackage(String packageName) { + final StringBuilder cmd = new StringBuilder("pm uninstall "); + cmd.append(packageName); + runShellCommand(cmd.toString()); + } +} diff --git a/tests/tests/security/src/android/security/cts/PermissionReviewTapjackingTest.kt b/tests/tests/security/src/android/security/cts/PermissionReviewTapjackingTest.kt new file mode 100644 index 00000000000..32b1941a7ca --- /dev/null +++ b/tests/tests/security/src/android/security/cts/PermissionReviewTapjackingTest.kt @@ -0,0 +1,173 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts + +import android.app.Instrumentation +import android.app.UiAutomation +import android.content.Context +import android.content.ComponentName +import android.content.Intent +import android.content.pm.PackageManager +import android.platform.test.annotations.AsbSecurityTest +import android.provider.Settings +import android.support.test.uiautomator.By +import android.support.test.uiautomator.BySelector +import android.support.test.uiautomator.UiDevice +import android.support.test.uiautomator.UiObject2 +import android.support.test.uiautomator.Until +import androidx.test.InstrumentationRegistry +import com.android.compatibility.common.util.SystemUtil.runShellCommand +import com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity +import org.junit.After +import org.junit.Assert +import org.junit.Assume.assumeFalse +import org.junit.Before +import org.junit.Test +import java.lang.Exception + +/** + * Tests permission review screen can't be tapjacked + */ +class PermissionReviewTapjackingTest { + + companion object { + const val APK_DIRECTORY = "/data/local/tmp/cts/permission3" + const val IDLE_TIMEOUT_MILLIS: Long = 1000 + const val TIMEOUT_MILLIS: Long = 20000 + + const val APP_APK_PATH_22 = "$APK_DIRECTORY/CtsUsePermissionApp22_2.apk" + const val APP_PACKAGE_NAME = "android.permission3.cts.usepermission" + + const val HELPER_APP_OVERLAY = "$APK_DIRECTORY/CtsHelperAppOverlay.apk" + private const val HELPER_PACKAGE_NAME = "android.permission3.cts.helper.overlay" + } + + protected val instrumentation: Instrumentation = InstrumentationRegistry.getInstrumentation() + protected val context: Context = instrumentation.context + protected val uiAutomation: UiAutomation = instrumentation.uiAutomation + protected val uiDevice: UiDevice = UiDevice.getInstance(instrumentation) + protected val packageManager: PackageManager = context.packageManager + + private var screenTimeoutBeforeTest: Long = 0 + + protected fun waitForIdle() = uiAutomation.waitForIdle(IDLE_TIMEOUT_MILLIS, TIMEOUT_MILLIS) + + protected fun waitFindObject(selector: BySelector): UiObject2 { + waitForIdle() + val view = uiDevice.wait(Until.findObject(selector), TIMEOUT_MILLIS) + if (view == null) { + throw RuntimeException("View not found after waiting for " + + "${TIMEOUT_MILLIS}ms: $selector") + } + return view + } + + protected fun installPackage( + apkPath: String, + reinstall: Boolean = false, + expectSuccess: Boolean = true + ) { + val output = runShellCommand("pm install${if (reinstall) " -r" else ""} $apkPath").trim() + if (expectSuccess) { + Assert.assertEquals("Success", output) + } else { + Assert.assertNotEquals("Success", output) + } + } + + protected fun pressHome() { + uiDevice.pressHome() + waitForIdle() + } + + @Before + fun setUp() { + runWithShellPermissionIdentity { + screenTimeoutBeforeTest = Settings.System.getLong( + context.contentResolver, Settings.System.SCREEN_OFF_TIMEOUT + ) + Settings.System.putLong( + context.contentResolver, Settings.System.SCREEN_OFF_TIMEOUT, 1800000L + ) + } + + uiDevice.wakeUp() + runShellCommand(instrumentation, "wm dismiss-keyguard") + + uiDevice.findObject(By.text("Close"))?.click() + } + + @Before + fun installApp22AndApprovePermissionReview() { + assumeFalse(packageManager.arePermissionsIndividuallyControlled()) + + installPackage(APP_APK_PATH_22) + installPackage(HELPER_APP_OVERLAY) + + runShellCommand( + "appops set $HELPER_PACKAGE_NAME android:system_alert_window allow") + } + + @After + fun tearDown() { + runWithShellPermissionIdentity { + Settings.System.putLong( + context.contentResolver, Settings.System.SCREEN_OFF_TIMEOUT, + screenTimeoutBeforeTest + ) + } + + pressHome() + } + + @After + fun uninstallPackages() { + runShellCommand("pm uninstall $APP_PACKAGE_NAME") + runShellCommand("pm uninstall $HELPER_PACKAGE_NAME") + } + + @Test + @AsbSecurityTest(cveBugId = [176094367]) + fun testOverlaysAreHidden() { + context.startActivity(Intent() + .setComponent(ComponentName(HELPER_PACKAGE_NAME, + "$HELPER_PACKAGE_NAME.OverlayActivity")) + .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)) + findOverlay() + + context.startActivity(Intent() + .setComponent(ComponentName(APP_PACKAGE_NAME, + "$APP_PACKAGE_NAME.FinishOnCreateActivity")) + .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK) + ) + + waitFindObject(By.res("com.android.permissioncontroller:id/permissions_message")) + + try { + findOverlay() + Assert.fail("Overlay was displayed") + } catch (e: Exception) { + // expected + } + + System.out.println("pressHome!") + pressHome() + findOverlay() + } + + private fun findOverlay() = waitFindObject(By.text("Find me!")) +} diff --git a/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java b/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java index 293200e5541..a46e142e4d5 100644 --- a/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java +++ b/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java @@ -16,17 +16,21 @@ package android.security.cts; +import static org.junit.Assert.*; + import android.app.ActivityManager; import android.content.Context; import android.platform.test.annotations.AsbSecurityTest; + import androidx.test.runner.AndroidJUnit4; + import com.android.sts.common.util.StsExtraBusinessLogicTestCase; -import org.junit.runner.RunWith; -import org.junit.Test; -import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; import java.util.List; +import java.util.stream.Collectors; @RunWith(AndroidJUnit4.class) public class RunningAppProcessInfoTest extends StsExtraBusinessLogicTestCase { @@ -40,12 +44,23 @@ public class RunningAppProcessInfoTest extends StsExtraBusinessLogicTestCase { @Test public void testRunningAppProcessInfo() { ActivityManager amActivityManager = - (ActivityManager) getInstrumentation().getContext().getSystemService(Context.ACTIVITY_SERVICE); + (ActivityManager) + getInstrumentation() + .getContext() + .getSystemService(Context.ACTIVITY_SERVICE); List<ActivityManager.RunningAppProcessInfo> appList = amActivityManager.getRunningAppProcesses(); + + // Assembles app list for logging + List<String> processNames = + appList.stream() + .map((processInfo) -> processInfo.processName) + .collect(Collectors.toList()); + // The test will pass if it is able to get only its process info - assertTrue("Device is vulnerable to CVE-2015-3833. For more information, see " + - "https://android.googlesource.com/platform/frameworks/base/+" + - "/aaa0fee0d7a8da347a0c47cef5249c70efee209e", (appList.size() == 1)); + assertTrue( + "Device is vulnerable to CVE-2015-3833. Running app processes: " + + processNames.toString(), + (appList.size() == 1)); } } diff --git a/tests/tests/security/src/android/security/cts/StagefrightTest.java b/tests/tests/security/src/android/security/cts/StagefrightTest.java index efb0624ca40..307a3e7d01e 100644 --- a/tests/tests/security/src/android/security/cts/StagefrightTest.java +++ b/tests/tests/security/src/android/security/cts/StagefrightTest.java @@ -22,14 +22,20 @@ */ package android.security.cts; -import com.android.sts.common.util.StsExtraBusinessLogicTestCase; -import android.app.Instrumentation; +import static org.hamcrest.Matchers.is; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; +import static org.junit.Assume.assumeFalse; +import static org.junit.Assume.assumeThat; + import android.content.Context; import android.content.res.AssetFileDescriptor; import android.content.res.Resources; import android.graphics.Bitmap; import android.graphics.BitmapFactory; -import android.graphics.SurfaceTexture; import android.media.MediaCodec; import android.media.MediaCodecInfo; import android.media.MediaCodecList; @@ -37,66 +43,51 @@ import android.media.MediaExtractor; import android.media.MediaFormat; import android.media.MediaMetadataRetriever; import android.media.MediaPlayer; -import android.opengl.GLES20; -import android.opengl.GLES11Ext; +import android.media.TimedText; import android.os.Looper; +import android.os.Parcel; import android.os.SystemClock; import android.platform.test.annotations.AppModeFull; -import android.os.Parcel; import android.platform.test.annotations.AsbSecurityTest; +import android.security.NetworkSecurityPolicy; import android.util.Log; import android.view.Surface; import android.webkit.cts.CtsTestServer; +import androidx.test.runner.AndroidJUnit4; + import com.android.compatibility.common.util.CrashUtils; import com.android.compatibility.common.util.mainline.MainlineModule; import com.android.compatibility.common.util.mainline.ModuleDetector; +import com.android.sts.common.util.StsExtraBusinessLogicTestCase; + +import org.json.JSONArray; +import org.json.JSONException; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.TestName; +import org.junit.runner.RunWith; import java.io.BufferedInputStream; import java.io.BufferedReader; +import java.io.File; import java.io.FileInputStream; +import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.io.InputStream; -import java.net.URL; -import java.nio.ByteBuffer; -import java.io.FileOutputStream; -import java.io.ObjectInputStream; import java.io.OutputStream; -import java.io.InputStream; import java.net.BindException; -import java.net.Socket; import java.net.ServerSocket; -import java.io.File; +import java.net.Socket; +import java.net.URL; +import java.nio.ByteBuffer; import java.util.ArrayList; import java.util.HashMap; import java.util.concurrent.locks.Condition; import java.util.concurrent.locks.ReentrantLock; import java.util.regex.Pattern; -import org.json.JSONArray; -import org.json.JSONException; -import org.json.JSONObject; - -import android.security.cts.R; - -import android.security.NetworkSecurityPolicy; -import android.media.TimedText; - -import androidx.test.InstrumentationRegistry; -import androidx.test.runner.AndroidJUnit4; - -import org.junit.Rule; -import org.junit.rules.TestName; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; - -import static org.junit.Assume.*; -import static org.junit.Assert.*; - -import static org.hamcrest.Matchers.is; - /** * Verify that the device is not vulnerable to any known Stagefright * vulnerabilities. @@ -1818,6 +1809,48 @@ public class StagefrightTest extends StsExtraBusinessLogicTestCase { before any existing test methods ***********************************************************/ @Test + @AsbSecurityTest(cveBugId = 223209306) + public void testStagefright_cve_2022_22085() throws Exception { + doStagefrightTest(R.raw.cve_2022_22085); + } + + @Test + @AsbSecurityTest(cveBugId = 223209816) + public void testStagefright_cve_2022_22084() throws Exception { + doStagefrightTest(R.raw.cve_2022_22084); + } + + @Test + @AsbSecurityTest(cveBugId = 223211218) + public void testStagefright_cve_2022_22086() throws Exception { + doStagefrightTest(R.raw.cve_2022_22086); + } + + @Test + @AsbSecurityTest(cveBugId = 228101819) + public void testStagefright_cve_2022_25659() throws Exception { + doStagefrightTest(R.raw.cve_2022_25659); + } + + @Test + @AsbSecurityTest(cveBugId = 223210917) + public void testStagefright_cve_2022_22083() throws Exception { + doStagefrightTest(R.raw.cve_2022_22083); + } + + @Test + @AsbSecurityTest(cveBugId = 223209610) + public void testStagefright_cve_2022_22087() throws Exception { + doStagefrightTest(R.raw.cve_2022_22087); + } + + @Test + @AsbSecurityTest(cveBugId = 228101835) + public void testStagefright_cve_2022_25657() throws Exception { + doStagefrightTest(R.raw.cve_2022_25657); + } + + @Test @AsbSecurityTest(cveBugId = 231156126) public void testStagefright_cve_2022_22059() throws Exception { doStagefrightTest(R.raw.cve_2022_22059); @@ -2415,7 +2448,8 @@ public class StagefrightTest extends StsExtraBusinessLogicTestCase { MediaCodec.BufferInfo info = new MediaCodec.BufferInfo(); try { ByteBuffer [] inputBuffers = codec.getInputBuffers(); - while (true) { + long startTime = System.nanoTime(); + while (System.nanoTime() - startTime < TIMEOUT_NS) { int flags = ex.getSampleFlags(); long time = ex.getSampleTime(); ex.getCachedDuration(); diff --git a/tests/tests/security/test-apps/DummyTargetApi15TestApp/Android.bp b/tests/tests/security/test-apps/DummyTargetApi15TestApp/Android.bp new file mode 100644 index 00000000000..2cfcd55beae --- /dev/null +++ b/tests/tests/security/test-apps/DummyTargetApi15TestApp/Android.bp @@ -0,0 +1,27 @@ +// +// Copyright (C) 2022 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CtsDummyTargetApi15TestApp", + defaults: ["cts_defaults"], + sdk_version: "current", + target_sdk_version: "15", + min_sdk_version: "15", +} diff --git a/tests/tests/security/test-apps/DummyTargetApi15TestApp/AndroidManifest.xml b/tests/tests/security/test-apps/DummyTargetApi15TestApp/AndroidManifest.xml new file mode 100644 index 00000000000..aa25f1a0713 --- /dev/null +++ b/tests/tests/security/test-apps/DummyTargetApi15TestApp/AndroidManifest.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + ~ Copyright (C) 2022 The Android Open Source Project + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.dummy.api15" > + <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="15" /> + <application android:hasCode="false" android:label="Dummy Test App" /> +</manifest> diff --git a/tests/tests/security/test-apps/HelperAppOverlay/Android.bp b/tests/tests/security/test-apps/HelperAppOverlay/Android.bp new file mode 100644 index 00000000000..db0eab89848 --- /dev/null +++ b/tests/tests/security/test-apps/HelperAppOverlay/Android.bp @@ -0,0 +1,31 @@ +// +// Copyright (C) 2020 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CtsHelperAppOverlay", + min_sdk_version: "30", + srcs: [ + "src/**/*.kt", + ], + static_libs: [ + "kotlin-stdlib", + ], + certificate: ":cts-testkey2", +} diff --git a/tests/tests/security/test-apps/HelperAppOverlay/AndroidManifest.xml b/tests/tests/security/test-apps/HelperAppOverlay/AndroidManifest.xml new file mode 100644 index 00000000000..04d5a4b4386 --- /dev/null +++ b/tests/tests/security/test-apps/HelperAppOverlay/AndroidManifest.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="utf-8"?> + +<!-- + ~ Copyright (C) 2020 The Android Open Source Project + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<manifest + xmlns:android="http://schemas.android.com/apk/res/android" + package="android.permission3.cts.helper.overlay"> + + <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" /> + + <application> + <activity android:name=".OverlayActivity" android:exported="true"> + <intent-filter> + <action android:name="android.intent.action.MAIN" /> + </intent-filter> + </activity> + </application> +</manifest> diff --git a/tests/tests/security/test-apps/HelperAppOverlay/src/android/permission3/cts/helper/overlay/OverlayActivity.kt b/tests/tests/security/test-apps/HelperAppOverlay/src/android/permission3/cts/helper/overlay/OverlayActivity.kt new file mode 100644 index 00000000000..2c1497fea30 --- /dev/null +++ b/tests/tests/security/test-apps/HelperAppOverlay/src/android/permission3/cts/helper/overlay/OverlayActivity.kt @@ -0,0 +1,26 @@ +package android.permission3.cts.helper.overlay + +import android.app.Activity +import android.os.Bundle +import android.view.ViewGroup +import android.view.ViewGroup.LayoutParams.MATCH_PARENT +import android.view.WindowManager +import android.widget.LinearLayout +import android.widget.TextView + +class OverlayActivity : Activity() { + + override fun onCreate(savedInstanceState: Bundle?) { + super.onCreate(savedInstanceState) + val mainLayout = LinearLayout(this) + mainLayout.layoutParams = ViewGroup.LayoutParams(MATCH_PARENT, MATCH_PARENT) + val textView = TextView(this) + + textView.text = "Find me!" + mainLayout.addView(textView) + + val windowParams = WindowManager.LayoutParams() + windowParams.type = WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY + windowManager.addView(mainLayout, windowParams) + } +} diff --git a/tests/tests/security/test-apps/UsePermissionApp22_2/Android.bp b/tests/tests/security/test-apps/UsePermissionApp22_2/Android.bp new file mode 100644 index 00000000000..8bda33cbf12 --- /dev/null +++ b/tests/tests/security/test-apps/UsePermissionApp22_2/Android.bp @@ -0,0 +1,27 @@ +// +// Copyright (C) 2015 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +android_test_helper_app { + name: "CtsUsePermissionApp22_2", + srcs: [ + ":CtsUsePermissionAppSrc", + ], + static_libs: [ + "kotlin-stdlib", + ], + certificate: ":cts-testkey2", + min_sdk_version: "22", +} diff --git a/tests/tests/security/test-apps/UsePermissionApp22_2/AndroidManifest.xml b/tests/tests/security/test-apps/UsePermissionApp22_2/AndroidManifest.xml new file mode 100644 index 00000000000..f1ff90d419c --- /dev/null +++ b/tests/tests/security/test-apps/UsePermissionApp22_2/AndroidManifest.xml @@ -0,0 +1,79 @@ +<?xml version="1.0" encoding="utf-8"?> + +<!-- + ~ Copyright (C) 2015 The Android Open Source Project + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<manifest + xmlns:android="http://schemas.android.com/apk/res/android" + package="android.permission3.cts.usepermission"> + + <uses-sdk android:minSdkVersion="22" android:targetSdkVersion="22" /> + + <!-- Make sure permission code can handle invalid permissions --> + <uses-permission android:name="android.permission3.cts.usepermission.INVALID_PERMISSION_NAME" /> + + <!-- Request two different permissions within the same group --> + <uses-permission android:name="android.permission.SEND_SMS" /> + <uses-permission android:name="android.permission.RECEIVE_SMS" /> + + <!-- Contacts --> + <!-- Deliberately request WRITE_CONTACTS but *not* READ_CONTACTS --> + <uses-permission android:name="android.permission.WRITE_CONTACTS" /> + + <!-- Calendar --> + <uses-permission android:name="android.permission.READ_CALENDAR" /> + <uses-permission android:name="android.permission.WRITE_CALENDAR" /> + + <!-- SMS --> + <uses-permission android:name="android.permission.SEND_SMS" /> + <uses-permission android:name="android.permission.RECEIVE_SMS" /> + <uses-permission android:name="android.permission.READ_SMS" /> + <uses-permission android:name="android.permission.RECEIVE_WAP_PUSH" /> + <uses-permission android:name="android.permission.RECEIVE_MMS" /> + <uses-permission android:name="android.permission.READ_CELL_BROADCASTS" /> + + <!-- Storage --> + <!-- Special case: WRITE_EXTERNAL_STORAGE implies READ_EXTERNAL_STORAGE --> + <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> + + <!-- Location --> + <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" /> + <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> + + <!-- Phone --> + <uses-permission android:name="android.permission.READ_PHONE_STATE" /> + <uses-permission android:name="android.permission.CALL_PHONE" /> + <uses-permission android:name="android.permission.READ_CALL_LOG" /> + <uses-permission android:name="android.permission.WRITE_CALL_LOG" /> + <uses-permission android:name="com.android.voicemail.permission.ADD_VOICEMAIL" /> + <uses-permission android:name="android.permission.USE_SIP" /> + <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS" /> + + <!-- Phone --> + <uses-permission android:name="android.permission.RECORD_AUDIO" /> + + <!-- Camera --> + <uses-permission android:name="android.permission.CAMERA" /> + + <!-- Body Sensors --> + <uses-permission android:name="android.permission.BODY_SENSORS" /> + + <application> + <activity android:name=".CheckCalendarAccessActivity" android:exported="true" /> + <activity android:name=".FinishOnCreateActivity" android:exported="true" /> + <activity android:name=".RequestPermissionsActivity" android:exported="true" /> + </application> +</manifest> diff --git a/tests/tests/telecom/Android.bp b/tests/tests/telecom/Android.bp index 437743abcf3..c056b0a048d 100644 --- a/tests/tests/telecom/Android.bp +++ b/tests/tests/telecom/Android.bp @@ -76,6 +76,7 @@ android_test { "Api29InCallServiceTestApp/**/I*.aidl", "ThirdPtyDialerTestApp/**/*.java", "ThirdPtyDialerTestAppTwo/**/*.java", + "CarModeTestAppSelfManaged/**/*.java", "CarModeTestAppTwo/**/*.java", ], exclude_srcs: [ diff --git a/tests/tests/telecom/AndroidTest.xml b/tests/tests/telecom/AndroidTest.xml index 6f51e4a3029..13e1e1adeff 100644 --- a/tests/tests/telecom/AndroidTest.xml +++ b/tests/tests/telecom/AndroidTest.xml @@ -27,6 +27,7 @@ <option name="test-file-name" value="ThirdPtyInCallServiceTestApp.apk" /> <option name="test-file-name" value="Api29InCallServiceTestApp.apk" /> <option name="test-file-name" value="CallScreeningServiceTestApp.apk" /> + <option name="test-file-name" value="CarModeTestAppSelfManaged.apk" /> <option name="test-file-name" value="CarModeTestApp.apk" /> <option name="test-file-name" value="CarModeTestAppTwo.apk" /> <option name="test-file-name" value="ThirdPtyDialerTestApp.apk" /> diff --git a/tests/tests/telecom/CarModeTestAppSelfManaged/Android.bp b/tests/tests/telecom/CarModeTestAppSelfManaged/Android.bp new file mode 100644 index 00000000000..edc9f63972a --- /dev/null +++ b/tests/tests/telecom/CarModeTestAppSelfManaged/Android.bp @@ -0,0 +1,38 @@ +// Copyright (C) 2019 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CarModeTestAppSelfManaged", + defaults: ["cts_defaults"], + srcs: [ + "src/**/*.java", + ":car-mode-app-srcs", + ":car-mode-app-aidl", + ], + static_libs: [ + "compatibility-device-util-axt", + "ctstestrunner-axt", + "androidx.test.rules", + "CtsTelecomMockLib", + ], + sdk_version: "test_current", + test_suites: [ + "cts", + "general-tests", + ], +} diff --git a/tests/tests/telecom/CarModeTestAppSelfManaged/AndroidManifest.xml b/tests/tests/telecom/CarModeTestAppSelfManaged/AndroidManifest.xml new file mode 100644 index 00000000000..c792dfd9913 --- /dev/null +++ b/tests/tests/telecom/CarModeTestAppSelfManaged/AndroidManifest.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Copyright (C) 2019 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.telecom.cts.carmodetestappselfmanaged" + android:versionCode="1" + android:versionName="1.0"> + + <uses-permission android:name="android.permission.MANAGE_OWN_CALLS" /> + <uses-permission android:name="android.permission.BIND_TELECOM_CONNECTION_SERVICE" /> + + <application android:label="CarModeTestAppSelfManaged"> + <service android:name=".CtsCarModeInCallServiceSelfManaged" + android:permission="android.permission.BIND_INCALL_SERVICE" + android:launchMode="singleInstance" + android:exported="true"> + <meta-data android:name="android.telecom.IN_CALL_SERVICE_CAR_MODE_UI" + android:value="true"/> + <meta-data android:name="android.telecom.INCLUDE_EXTERNAL_CALLS" + android:value="true" /> + <meta-data android:name="android.telecom.INCLUDE_SELF_MANAGED_CALLS" + android:value="true" /> + <intent-filter> + <action android:name="android.telecom.InCallService"/> + </intent-filter> + </service> + + <service android:name=".CtsCarModeInCallServiceControlSelfManaged" + android:launchMode="singleInstance" + android:exported="true"> + <intent-filter> + <action + android:name="android.telecom.cts.carmodetestapp.ACTION_CAR_MODE_CONTROL"/> + </intent-filter> + </service> + + <service android:name="android.telecom.cts.CtsSelfManagedConnectionService" + android:permission="android.permission.BIND_TELECOM_CONNECTION_SERVICE" + android:exported="true"> + <intent-filter> + <action android:name="android.telecom.ConnectionService"/> + </intent-filter> + </service> + + </application> +</manifest>
\ No newline at end of file diff --git a/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceControlSelfManaged.java b/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceControlSelfManaged.java new file mode 100644 index 00000000000..b6d5c10a9c8 --- /dev/null +++ b/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceControlSelfManaged.java @@ -0,0 +1,22 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.telecom.cts.carmodetestappselfmanaged; + +import android.telecom.cts.carmodetestapp.CtsCarModeInCallServiceControl; + +public class CtsCarModeInCallServiceControlSelfManaged extends CtsCarModeInCallServiceControl { +} diff --git a/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceSelfManaged.java b/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceSelfManaged.java new file mode 100644 index 00000000000..e7b29e30e51 --- /dev/null +++ b/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceSelfManaged.java @@ -0,0 +1,22 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.telecom.cts.carmodetestappselfmanaged; + +import android.telecom.cts.carmodetestapp.CtsCarModeInCallService; + +public class CtsCarModeInCallServiceSelfManaged extends CtsCarModeInCallService { +} diff --git a/tests/tests/telecom/aidl/android/telecom/cts/carmodetestapp/ICtsCarModeInCallServiceControl.aidl b/tests/tests/telecom/aidl/android/telecom/cts/carmodetestapp/ICtsCarModeInCallServiceControl.aidl index 5357afb2a30..ad6e41f3606 100644 --- a/tests/tests/telecom/aidl/android/telecom/cts/carmodetestapp/ICtsCarModeInCallServiceControl.aidl +++ b/tests/tests/telecom/aidl/android/telecom/cts/carmodetestapp/ICtsCarModeInCallServiceControl.aidl @@ -27,4 +27,6 @@ interface ICtsCarModeInCallServiceControl { boolean requestAutomotiveProjection(); void releaseAutomotiveProjection(); boolean checkBindStatus(boolean bind); + void registerPhoneAccount(in PhoneAccount phoneAccount); + void unregisterPhoneAccount(in PhoneAccountHandle phoneAccountHandle); } diff --git a/tests/tests/telecom/src/android/telecom/cts/PhoneAccountRegistrarTest.java b/tests/tests/telecom/src/android/telecom/cts/PhoneAccountRegistrarTest.java new file mode 100644 index 00000000000..f52b183875d --- /dev/null +++ b/tests/tests/telecom/src/android/telecom/cts/PhoneAccountRegistrarTest.java @@ -0,0 +1,461 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package android.telecom.cts; + +import static android.telecom.PhoneAccount.CAPABILITY_CALL_PROVIDER; +import static android.telecom.PhoneAccount.CAPABILITY_SELF_MANAGED; + +import android.content.ComponentName; +import android.content.Context; +import android.content.Intent; +import android.content.ServiceConnection; +import android.net.Uri; +import android.os.IBinder; +import android.os.RemoteException; +import android.telecom.PhoneAccount; +import android.telecom.PhoneAccountHandle; +import android.telecom.TelecomManager; +import android.telecom.cts.carmodetestapp.ICtsCarModeInCallServiceControl; +import android.telecom.cts.carmodetestappselfmanaged.CtsCarModeInCallServiceControlSelfManaged; +import android.util.Log; + +import com.android.compatibility.common.util.ShellIdentityUtils; + +import java.util.ArrayList; +import java.util.List; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeUnit; + +public class PhoneAccountRegistrarTest extends BaseTelecomTestWithMockServices { + + private static final String TAG = "PhoneAccountRegistrarTest"; + private static final long TIMEOUT = 3000L; + private static final int LARGE_ACCT_HANDLE_ID_MIN_SIZE = 50000; + private static final String RANDOM_CHAR_VALUE = "a"; + private static final String TEL_PREFIX = "tel:"; + private static final String TELECOM_CLEANUP_ACCTS_CMD = "telecom cleanup-orphan-phone-accounts"; + + public static final int MAX_PHONE_ACCOUNT_REGISTRATIONS = 10; // mirrors constant in... + // PhoneAccountRegistrar called MAX_PHONE_ACCOUNT_REGISTRATIONS + + // permissions + private static final String READ_PHONE_STATE_PERMISSION = + "android.permission.READ_PRIVILEGED_PHONE_STATE"; + private static final String MODIFY_PHONE_STATE_PERMISSION = + "android.permission.MODIFY_PHONE_STATE"; + private static final String REGISTER_SIM_SUBSCRIPTION_PERMISSION = + "android.permission.REGISTER_SIM_SUBSCRIPTION"; + // telecom cts test package (default package that registers phoneAccounts) + private static final ComponentName TEST_COMPONENT_NAME = + new ComponentName(TestUtils.PACKAGE, TestUtils.COMPONENT); + // secondary test package (extra package that can be set up to register phoneAccounts) + private static final String SELF_MANAGED_CAR_PACKAGE = + CtsCarModeInCallServiceControlSelfManaged.class.getPackage().getName(); + private static final ComponentName SELF_MANAGED_CAR_RELATIVE_COMPONENT = ComponentName + .createRelative(SELF_MANAGED_CAR_PACKAGE, + CtsCarModeInCallServiceControlSelfManaged.class.getName()); + private static final ComponentName CAR_COMPONENT = new ComponentName(SELF_MANAGED_CAR_PACKAGE, + TestUtils.SELF_MANAGED_COMPONENT); + private static final String CAR_MODE_CONTROL = + "android.telecom.cts.carmodetestapp.ACTION_CAR_MODE_CONTROL"; + // variables to interface with the second test package + TestServiceConnection mControl; + ICtsCarModeInCallServiceControl mSecondaryTestPackageControl; + + @Override + public void setUp() throws Exception { + // Sets up this package as default dialer in super. + super.setUp(); + NewOutgoingCallBroadcastReceiver.reset(); + if (!mShouldTestTelecom) return; + setupConnectionService(null, 0); + // cleanup any accounts registered to the test package before starting tests + cleanupPhoneAccounts(); + } + + @Override + public void tearDown() throws Exception { + // cleanup any accounts registered to the test package after testing to avoid crashing other + // tests. + cleanupPhoneAccounts(); + super.tearDown(); + } + + /** + * Test the scenario where {@link android.telecom.TelecomManager + * #getCallCapablePhoneAccounts(boolean)} is called with a heavy payload + * that could cause a {@link android.os.TransactionTooLargeException}. Telecom is expected to + * handle this by splitting the parcels via {@link android.content.pm.ParceledListSlice}. + */ + public void testGettingLargeCallCapablePhoneAccountHandlePayload() throws Exception { + if (!mShouldTestTelecom) return; + // ensure the test starts without any phone accounts registered to the test package + cleanupPhoneAccounts(); + // generate a large phoneAccountHandle id string to create a large payload + String largeAccountHandleId = generateLargeString( + LARGE_ACCT_HANDLE_ID_MIN_SIZE, RANDOM_CHAR_VALUE); + assertEquals(LARGE_ACCT_HANDLE_ID_MIN_SIZE, largeAccountHandleId.length()); + // create handles for package 1 + List<PhoneAccount> phoneAccountsForPackage1 = + generatePhoneAccountsForPackage(TEST_COMPONENT_NAME, largeAccountHandleId, + numberOfPhoneAccountsCtsPackageCanRegister(), CAPABILITY_CALL_PROVIDER); + //create handles for package 2 + List<PhoneAccount> phoneAccountsForPackage2 = + generatePhoneAccountsForPackage(CAR_COMPONENT, largeAccountHandleId, + MAX_PHONE_ACCOUNT_REGISTRATIONS, CAPABILITY_CALL_PROVIDER); + try { + // register all accounts for package 1 + phoneAccountsForPackage1.stream() + .forEach(a -> mTelecomManager.registerPhoneAccount(a)); + // verify all can be fetched + verifyCanFetchCallCapableAccounts(); + // register all accounts for package 2 + bindToSecondTestPackageAndRegisterAccounts(phoneAccountsForPackage2); + // verify all can be fetched + verifyCanFetchCallCapableAccounts(); + } catch (IllegalArgumentException e) { + // allow test pass ... + Log.i(TAG, "testGettingLargeCallCapablePhoneAccountHandlePayload:" + + " illegal arg exception thrown."); + } finally { + unbindSecondTestPackageAndUnregisterAccounts(phoneAccountsForPackage2); + cleanupPhoneAccounts(); + } + } + + /** + * Test the scenario where {@link android.telecom.TelecomManager#getSelfManagedPhoneAccounts()} + * is called with a heavy payload that could cause a {@link + * android.os.TransactionTooLargeException}. Telecom is expected to handle this by splitting + * the parcels via {@link android.content.pm.ParceledListSlice}. + */ + public void testGettingLargeSelfManagedPhoneAccountHandlePayload() throws Exception { + if (!mShouldTestTelecom) return; + // ensure the test starts without any phone accounts registered to the test package + cleanupPhoneAccounts(); + // generate a large phoneAccountHandle id string to create a large payload + String largeAccountHandleId = generateLargeString( + LARGE_ACCT_HANDLE_ID_MIN_SIZE, RANDOM_CHAR_VALUE); + assertEquals(LARGE_ACCT_HANDLE_ID_MIN_SIZE, largeAccountHandleId.length()); + // create handles for package 1 + List<PhoneAccount> phoneAccountsForPackage1 = + generatePhoneAccountsForPackage(TEST_COMPONENT_NAME, largeAccountHandleId, + numberOfPhoneAccountsCtsPackageCanRegister(), CAPABILITY_SELF_MANAGED); + //create handles for package 2 + List<PhoneAccount> phoneAccountsForPackage2 = + generatePhoneAccountsForPackage(CAR_COMPONENT, largeAccountHandleId, + MAX_PHONE_ACCOUNT_REGISTRATIONS, CAPABILITY_SELF_MANAGED); + try { + // register all accounts for package 1 + phoneAccountsForPackage1.stream() + .forEach(a -> mTelecomManager.registerPhoneAccount(a)); + // verify all can be fetched + verifyCanFetchSelfManagedPhoneAccounts(); + // register all accounts for package 2 + bindToSecondTestPackageAndRegisterAccounts(phoneAccountsForPackage2); + // verify all can be fetched + verifyCanFetchSelfManagedPhoneAccounts(); + } catch (IllegalArgumentException e) { + // allow test pass ... + Log.i(TAG, "testGettingLargeSelfManagedPhoneAccountHandlePayload:" + + " illegal arg exception thrown."); + } finally { + unbindSecondTestPackageAndUnregisterAccounts(phoneAccountsForPackage2); + cleanupPhoneAccounts(); + } + } + + /** + * Test the scenario where {@link android.telecom.TelecomManager#getAllPhoneAccountHandles()} + * is called with a heavy payload that could cause a {@link + * android.os.TransactionTooLargeException}. Telecom is expected to handle this by splitting + * the parcels via {@link android.content.pm.ParceledListSlice}. + */ + public void testGettingAllPhoneAccountHandlesWithLargePayload() throws Exception { + if (!mShouldTestTelecom) return; + // ensure the test starts without any phone accounts registered to the test package + cleanupPhoneAccounts(); + // generate a large phoneAccountHandle id string to create a large payload + String largeAccountHandleId = generateLargeString( + LARGE_ACCT_HANDLE_ID_MIN_SIZE, RANDOM_CHAR_VALUE); + assertEquals(LARGE_ACCT_HANDLE_ID_MIN_SIZE, largeAccountHandleId.length()); + // create handles for package 1 + List<PhoneAccount> phoneAccountsForPackage1 = + generatePhoneAccountsForPackage(TEST_COMPONENT_NAME, largeAccountHandleId, + numberOfPhoneAccountsCtsPackageCanRegister(), CAPABILITY_SELF_MANAGED); + //create handles for package 2 + List<PhoneAccount> phoneAccountsForPackage2 = + generatePhoneAccountsForPackage(CAR_COMPONENT, largeAccountHandleId, + MAX_PHONE_ACCOUNT_REGISTRATIONS, CAPABILITY_SELF_MANAGED); + try { + // register all accounts for package 1 + phoneAccountsForPackage1.stream() + .forEach(a -> mTelecomManager.registerPhoneAccount(a)); + // verify all can be fetched + verifyCanFetchAllPhoneAccountHandles(); + // register all accounts for package 2 + bindToSecondTestPackageAndRegisterAccounts(phoneAccountsForPackage2); + // verify all can be fetched + verifyCanFetchAllPhoneAccountHandles(); + } catch (IllegalArgumentException e) { + // allow test pass ... + } finally { + unbindSecondTestPackageAndUnregisterAccounts(phoneAccountsForPackage2); + cleanupPhoneAccounts(); + } + } + + /** + * Test the scenario where {@link TelecomManager#getAllPhoneAccounts()} + * is called with a heavy payload that could cause a {@link + * android.os.TransactionTooLargeException}. Telecom is expected to handle this by splitting + * the parcels via {@link android.content.pm.ParceledListSlice}. + */ + public void testGetAllPhoneAccountsWithLargePayload() throws Exception { + if (!mShouldTestTelecom) return; + // ensure the test starts without any phone accounts registered to the test package + cleanupPhoneAccounts(); + // generate a large phoneAccountHandle id string to create a large payload + String largeAccountHandleId = generateLargeString( + LARGE_ACCT_HANDLE_ID_MIN_SIZE, RANDOM_CHAR_VALUE); + assertEquals(LARGE_ACCT_HANDLE_ID_MIN_SIZE, largeAccountHandleId.length()); + // create handles for package 1 + List<PhoneAccount> phoneAccountsForPackage1 = + generatePhoneAccountsForPackage(TEST_COMPONENT_NAME, largeAccountHandleId, + numberOfPhoneAccountsCtsPackageCanRegister(), + CAPABILITY_CALL_PROVIDER + | PhoneAccount.CAPABILITY_SIM_SUBSCRIPTION); + //create handles for package 2 + List<PhoneAccount> phoneAccountsForPackage2 = + generatePhoneAccountsForPackage(CAR_COMPONENT, largeAccountHandleId, + MAX_PHONE_ACCOUNT_REGISTRATIONS, + CAPABILITY_SELF_MANAGED); + try { + // register all accounts for package 1 + for (PhoneAccount pa : phoneAccountsForPackage1) { + ShellIdentityUtils.invokeMethodWithShellPermissionsNoReturn(mTelecomManager, + tm -> tm.registerPhoneAccount(pa), REGISTER_SIM_SUBSCRIPTION_PERMISSION); + } + // verify all can be fetched + verifyCanFetchAllPhoneAccounts(); + // register all accounts for package 2 + bindToSecondTestPackageAndRegisterAccounts(phoneAccountsForPackage2); + // verify all can be fetched + verifyCanFetchAllPhoneAccounts(); + } catch (IllegalArgumentException e) { + // allow test pass ... + } finally { + unbindSecondTestPackageAndUnregisterAccounts(phoneAccountsForPackage2); + cleanupPhoneAccounts(); + } + } + + // -- The following are helper methods for this testing class. -- + private String generateLargeString(int size, String repeatStrValue) { + StringBuilder sb = new StringBuilder(); + for (int i = 0; i < size; i++) { + sb.append(repeatStrValue); + } + return sb.toString(); + } + + private List<PhoneAccount> generatePhoneAccountsForPackage(ComponentName cn, String baseId, + int numOfAccountsToRegister, int capabilities) { + List<PhoneAccount> accounts = new ArrayList<>(); + for (int i = 0; i < numOfAccountsToRegister; i++) { + String id = baseId + i; + PhoneAccountHandle pah = new PhoneAccountHandle(cn, id); + // create phoneAccount + String number = TEL_PREFIX + i; + PhoneAccount pa = PhoneAccount.builder(pah, TestUtils.ACCOUNT_LABEL) + .setAddress(Uri.parse(number)) + .setSubscriptionAddress(Uri.parse(number)) + .addSupportedUriScheme(PhoneAccount.SCHEME_TEL) + .setCapabilities(capabilities) + .build(); + accounts.add(pa); + } + return accounts; + } + + public void bindToSecondTestPackageAndRegisterAccounts(List<PhoneAccount> accounts) + throws Exception { + bindToSecondTestPackage(); + registerAccountsToSecondTestPackage(accounts); + } + + public void unbindSecondTestPackageAndUnregisterAccounts(List<PhoneAccount> accounts) { + try { + mContext.unbindService(mControl); + unRegisterAccountsForSecondTestPackage(accounts); + } catch (Exception e) { + Log.d(TAG, + "exception thrown while trying to unbind and unregister accts for 2nd package"); + } + } + + public void bindToSecondTestPackage() throws RemoteException { + // Set up binding for second package. This is needed in order to bypass a SecurityException + // thrown by a second test package registering phone accounts. + mControl = setUpControl(CAR_MODE_CONTROL, SELF_MANAGED_CAR_RELATIVE_COMPONENT); + mSecondaryTestPackageControl = + ICtsCarModeInCallServiceControl.Stub.asInterface(mControl.getService()); + // reset all package variables etc. + if (mSecondaryTestPackageControl != null) { + mSecondaryTestPackageControl.reset(); //... done setting up binding + } + } + + public void registerAccountsToSecondTestPackage(List<PhoneAccount> accounts) + throws Exception { + if (mSecondaryTestPackageControl != null) { + for (PhoneAccount p : accounts) { + mSecondaryTestPackageControl.registerPhoneAccount(p); + TestUtils.enablePhoneAccount(getInstrumentation(), p.getAccountHandle()); + } + } + } + + public void unRegisterAccountsForSecondTestPackage(List<PhoneAccount> accounts) + throws RemoteException { + if (mSecondaryTestPackageControl != null) { + for (PhoneAccount p : accounts) { + mSecondaryTestPackageControl.unregisterPhoneAccount(p.getAccountHandle()); + } + } + } + + public void verifyCanFetchCallCapableAccounts() { + List<PhoneAccountHandle> res = + mTelecomManager.getCallCapablePhoneAccounts(true); + assertNotNull(res); + assertTrue(res.size() > 0); + } + + public void verifyCanFetchAllPhoneAccountHandles() { + List<PhoneAccountHandle> res = + ShellIdentityUtils.invokeMethodWithShellPermissions( + mTelecomManager, (tm) -> tm.getAllPhoneAccountHandles(), + MODIFY_PHONE_STATE_PERMISSION); + assertNotNull(res); + assertTrue(res.size() > 0); + } + + public void verifyCanFetchAllPhoneAccounts() { + List<PhoneAccount> res = + ShellIdentityUtils.invokeMethodWithShellPermissions( + mTelecomManager, (tm) -> tm.getAllPhoneAccounts(), + MODIFY_PHONE_STATE_PERMISSION); + assertNotNull(res); + assertTrue(res.size() > 0); + } + + public void verifyCanFetchSelfManagedPhoneAccounts() { + List<PhoneAccountHandle> res = + mTelecomManager.getSelfManagedPhoneAccounts(); + assertNotNull(res); + assertTrue(res.size() > 0); + } + + private int numberOfPhoneAccountsCtsPackageCanRegister() { + return MAX_PHONE_ACCOUNT_REGISTRATIONS - getNumberOfPhoneAccountsRegisteredToTestPackage(); + } + + private TestServiceConnection setUpControl(String action, ComponentName componentName) { + Intent bindIntent = new Intent(action); + bindIntent.setComponent(componentName); + TestServiceConnection + serviceConnection = new TestServiceConnection(); + mContext.bindService(bindIntent, serviceConnection, Context.BIND_AUTO_CREATE); + if (!serviceConnection.waitBind()) { + fail("fail bind to service"); + } + return serviceConnection; + } + + private class TestServiceConnection implements ServiceConnection { + private IBinder mService; + private CountDownLatch mLatch = new CountDownLatch(1); + private boolean mIsConnected; + + @Override + public void onServiceConnected(ComponentName componentName, IBinder service) { + Log.i(TAG, "Service Connected: " + componentName); + mService = service; + mIsConnected = true; + mLatch.countDown(); + } + + @Override + public void onServiceDisconnected(ComponentName componentName) { + mService = null; + } + + public IBinder getService() { + return mService; + } + + public boolean waitBind() { + try { + mLatch.await(TIMEOUT, TimeUnit.MILLISECONDS); + return mIsConnected; + } catch (InterruptedException e) { + return false; + } + } + } + + /** + * Helper that cleans up any phone accounts registered to this testing package. Requires + * the permission READ_PRIVILEGED_PHONE_STATE in order to invoke the + * getPhoneAccountsForPackage() method. + */ + private void cleanupPhoneAccounts() { + try { + if (mTelecomManager != null) { + // Get all handles registered to the testing package + List<PhoneAccountHandle> handles = + ShellIdentityUtils.invokeMethodWithShellPermissions( + mTelecomManager, (tm) -> tm.getPhoneAccountsForPackage(), + READ_PHONE_STATE_PERMISSION); + // cleanup any extra phone accounts registered to the testing package + if (handles.size() > 0 && mTelecomManager != null) { + handles.stream().forEach( + d -> mTelecomManager.unregisterPhoneAccount(d)); + } + TestUtils.executeShellCommand(getInstrumentation(), TELECOM_CLEANUP_ACCTS_CMD); + } + } catch (Exception e) { + Log.d(TAG, "cleanupPhoneAccounts: hit exception while trying to clean"); + } + } + + /** + * Helper that gets the number of phone accounts registered to the testing package. Requires + * the permission READ_PRIVILEGED_PHONE_STATE in order to invoke the + * getPhoneAccountsForPackage() method. + * + * @return number of phone accounts registered to the testing package. + */ + private int getNumberOfPhoneAccountsRegisteredToTestPackage() { + if (mTelecomManager != null) { + return ShellIdentityUtils.invokeMethodWithShellPermissions( + mTelecomManager, (tm) -> tm.getPhoneAccountsForPackage(), + READ_PHONE_STATE_PERMISSION).size(); + } + return 0; + } +}
\ No newline at end of file diff --git a/tests/tests/telecom/src/android/telecom/cts/carmodetestapp/CtsCarModeInCallServiceControl.java b/tests/tests/telecom/src/android/telecom/cts/carmodetestapp/CtsCarModeInCallServiceControl.java index fe38d3c6b5b..f53cfc31a87 100644 --- a/tests/tests/telecom/src/android/telecom/cts/carmodetestapp/CtsCarModeInCallServiceControl.java +++ b/tests/tests/telecom/src/android/telecom/cts/carmodetestapp/CtsCarModeInCallServiceControl.java @@ -21,6 +21,9 @@ import android.app.UiModeManager; import android.content.ComponentName; import android.content.Intent; import android.os.IBinder; +import android.telecom.PhoneAccount; +import android.telecom.PhoneAccountHandle; +import android.telecom.TelecomManager; import android.util.Log; /** @@ -97,6 +100,22 @@ public class CtsCarModeInCallServiceControl extends Service { public boolean checkBindStatus(boolean bind) { return CtsCarModeInCallService.checkBindStatus(bind); } + + @Override + public void registerPhoneAccount(PhoneAccount phoneAccount) { + TelecomManager telecomManager = getSystemService(TelecomManager.class); + if (telecomManager != null) { + telecomManager.registerPhoneAccount(phoneAccount); + } + } + + @Override + public void unregisterPhoneAccount(PhoneAccountHandle phoneAccountHandle) { + TelecomManager telecomManager = getSystemService(TelecomManager.class); + if (telecomManager != null) { + telecomManager.unregisterPhoneAccount(phoneAccountHandle); + } + } }; @Override diff --git a/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/MmsPartTest.java b/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/MmsPartTest.java index 00e4dfe157a..5ab32fc0b14 100644 --- a/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/MmsPartTest.java +++ b/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/MmsPartTest.java @@ -127,6 +127,19 @@ public class MmsPartTest { } + /** + * Verifies uri path outside the directory of mms parts is not allowed. + */ + @Test + public void testMmsPartUpdate_invalidUri() { + ContentValues cv = new ContentValues(); + Uri uri = Uri.parse("content://mms/resetFilePerm/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F.." + + "%2F..%2F..%2F..%2F..%2Fdata%2Fuser_de%2F0%2Fcom.android.providers.telephony" + + "%2Fdatabases"); + int cursorUpdate = mContentResolver.update(uri, cv, null, null); + assertThat(cursorUpdate).isEqualTo(0); + } + @Test public void testMmsPartDelete_canDeleteById() { Uri mmsUri = insertIntoMmsTable(MMS_SUBJECT_ONE); diff --git a/tools/cts-media-preparer-app/src/android/mediastress/cts/preconditions/app/MediaPreparerAppTest.java b/tools/cts-media-preparer-app/src/android/mediastress/cts/preconditions/app/MediaPreparerAppTest.java index 0f4fd691170..7f80e5601e8 100644 --- a/tools/cts-media-preparer-app/src/android/mediastress/cts/preconditions/app/MediaPreparerAppTest.java +++ b/tools/cts-media-preparer-app/src/android/mediastress/cts/preconditions/app/MediaPreparerAppTest.java @@ -82,8 +82,12 @@ public class MediaPreparerAppTest { @Test public void testGetResolutions() throws Exception { + String moduleName = InstrumentationRegistry.getArguments().getString("module-name"); + if (moduleName == null) { + moduleName = MODULE_NAME; + } Resolution maxRes = new Resolution(DEFAULT_MAX_WIDTH, DEFAULT_MAX_HEIGHT); - DynamicConfigDeviceSide config = new DynamicConfigDeviceSide(MODULE_NAME); + DynamicConfigDeviceSide config = new DynamicConfigDeviceSide(moduleName); for (String key : config.keySet()) { int width = 0; int height = 0; |